堆栈内存溢出
  简体   繁体   English

申请X509证书

[英]Request with X509 Certificate

 原文  2011-12-23 16:12:21       node.js/ ssl/ x509

问题描述

I have received a X509 certificate (one .cer file), I can decode it, so no problems on that. 我收到了一个X509证书(一个.cer文件),我可以解码它,所以没有问题。 Now I want to sign a request with this certificate in node, but I can't get this to work: 现在我想在节点中使用此证书签署一个请求,但我无法使其工作: 

var https = require("https");
var fs = require("fs");

var options = {
    host: 'management.core.windows.net',
    path: '/my-subscription-id/services/hostedservices',
    port: 443,
    method: 'GET',
    cert: fs.readFileSync("./SSLDevCert.cer"),
    agent: false
};

var req = https.request(options, function(res) {
    console.log("statusCode: ", res.statusCode);
    console.log("headers: ", res.headers);

    res.on('data', function(d) {
        process.stdout.write(d);
    });
});

This fails with 这失败了

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line 错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行
at Object.createCredentials (crypto.js:72:31) 在Object.createCredentials(crypto.js:72:31)
at Object.connect (tls.js:857:27) 在Object.connect(tls.js:857:27)
at Agent._getConnection (https.js:61:15) 在Agent._getConnection(https.js:61:15)
at Agent._establishNewConnection (http.js:1183:21) 在Agent._establishNewConnection(http.js:1183:21)

Doing the same in C# works fine: 在C#中做同样的事情很好: 

var req = (HttpWebRequest)WebRequest.Create(string.Format("https://management.core.windows.net/{0}/services/hostedservices", "my-subscription-id"));
req.ClientCertificates.Add(new X509Certificate2(File.ReadAllBytes("./SSLDevCert.cer"));
var resp = req.GetResponse();

2 个解决方案

解决方案1
 3  2011-12-23 17:00:27

PEM_read_bio expects certificate in PEM format, while you have certificate in "raw" DER format. PEM_read_bio需要PEM格式的证书,而您拥有“原始”DER格式的证书。 Obviously you need to convert your certificate to PEM format. 显然,您需要将证书转换为PEM格式。

BTW .cer files in DER format don't contain private key and can't be used for signing anything. DER格式的BTW .cer文件不包含私钥,不能用于签名任何内容。

You need to re-check what you actually have in your .cer file and in what format. 您需要重新检查.cer文件中的实际内容以及格式。

解决方案2
 2 已采纳  2012-01-27 09:33:01

A follow up on this: 跟进这个:

Only .cer file probably means that the private key is in the certificate (well that's the case with the Azure certs), you will have to transform in a PEM file (that starts with ----BEGIN RSA PRIVATE KEY---- ) and then do a request with: 只有.cer文件可能意味着私钥在证书中(就像Azure证书的情况一样),您将必须转换为PEM文件(以----BEGIN RSA PRIVATE KEY----开头----BEGIN RSA PRIVATE KEY---- )然后做一个请求: 

var key = fs.readFileSync("./key.pem");
var options = {
    cert: key,
    key: key
}

Getting the private key from the file can be a bit tricky, but this worked on Azure certificates, so it might help any of you: 从文件中获取私钥可能有点棘手,但这适用于Azure证书,因此它可能对您有所帮助: 

openssl pkcs12 -in ' + file + ' -nodes -passin pass:

(note the empty pass argument) (注意空传递参数)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 生成生产 x509 证书 - Generate production x509 certificate 在 nodeJS 中解析 X509 证书包 - Parsing X509 Certificate Bundles in nodeJS 解析节点中的 x509 证书字符串 - Parse x509 certificate string in node 使用X509证书验证Docusign Connect签名 - Verifying Docusign Connect Signature with X509 Certificate 使用X509证书npm'Soap'实现WSSecurity - Implementing WSSecurity with X509 Certificate npm 'Soap' 使用带有x509证书的SOAP上的Nodejs对Microsoft EWS进行身份验证 - Authenticating Microsoft EWS using Nodejs over SOAP with x509 certificate 使用node.js验证带有CA证书的X509证书 - Using node.js to verify a X509 certificate with CA cert 如何在 Node.js Web 应用程序中访问原始(或完整)X509 证书 - How do I access the raw (or full) X509 Certificate in a Node.js web app 获取 https://gcp.io/v2/: x509: 未知权威签署的证书 - Get https://gcp.io/v2/: x509: certificate signed by unknown authority node.js:错误:错误:0B080074:x509证书例程:X509_check_private_key:密钥值不匹配 - node.js : Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM