使用 node.js 设置 SSL
[英]Setting up SSL with node.js
问题描述
I bought an SSL certificate at GoDaddy and I'm using the following node.js server to attempt to set it up:
我在 GoDaddy 购买了 SSL 证书,我正在使用以下 node.js 服务器尝试设置它:
var https = require('https'), // module for https
fs = require('fs'); // required to read certs and keys
var options = {
key: fs.readFileSync('../../ssl/example.com.key'),
cert: fs.readFileSync('../../ssl/example.com.crt'),
ca: fs.readFileSync('../../ssl/gd_bundle.crt'),
requestCert: true,
rejectUnauthorized: false
};
https.createServer(options, function (req, res) {
if (req.client.authorized) {
res.writeHead(200, {"Content-Type": "application/json"});
res.end('{"status":"approved"}');
} else {
res.writeHead(401, {"Content-Type": "application/json"});
res.end('{"status":"denied"}');
}
}).listen(443);
After running the server, I attempted to visit the website at https://example.com and I just get运行服务器后,我尝试访问https://example.com的网站,但我得到了
{"status":"denied"}
I guess this is working properly since I'm getting a response, but I think my understanding of how SSL works is wrong.我想这工作正常,因为我收到了回复,但我认为我对 SSL 工作原理的理解是错误的。 I thought the browser gets the certificate from the server, which then authenticates it against root certs, ie from GoDaddy.我认为浏览器从服务器获取证书,然后根据根证书对其进行身份验证,即来自 GoDaddy。 so shouldn't i get所以我不应该得到
{"status":"approved"}
just simply visiting https://example.com ?只是简单地访问https://example.com ?
So I guess my question is, how do I visit https://example.com and get {"status":"approved"}?所以我想我的问题是,我如何访问https://example.com并获得 {"status":"approved"}?
Thanks!谢谢!
3 个解决方案
解决方案1
3 已采纳 2012-08-03 22:44:17
The reason you are getting denied, is because you are trying to authenticate using client certificate authentication.您被拒绝的原因是因为您正在尝试使用客户端证书身份验证进行身份验证。 Each end user needs a client certificate signed by your server certificate.每个最终用户都需要一个由您的服务器证书签名的客户端证书。 How to setup Client Certificates and Certificate Auth with Node . 如何 使用 Node 设置客户端证书和 证书身份 验证。
If you are just attempting to encrypt your web traffic, you don't need the client certificates.如果您只是尝试加密 Web 流量,则不需要客户端证书。 Use the example here http://nodejs.org/docs/latest/api/https.html if you just want the traffic encrypted.如果您只想加密流量,请使用此处的示例http://nodejs.org/docs/latest/api/https.html 。
解决方案2
0 2015-01-14 15:19:57
This is wrong:这是错误的:
ca: fs.readFileSync('../../ssl/gd_bundle.crt')
ca needs to be an array of strings or buffers containing individual certificates. ca需要是包含单个证书的字符串或缓冲区数组。 If you supply a bundle, only the first certificate is used and the rest is ignored.如果您提供捆绑包,则仅使用第一个证书,其余证书将被忽略。
See also: http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener另见: http : //nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
解决方案3
0 2021-12-10 03:21:35
1.) First Open your cpanel 2.) SSL/TLS 3.)Manage SSL sites. 1.) 首先打开您的 cpanel 2.) SSL/TLS 3.) 管理 SSL 站点。 4.) Select Domain on which you want to add ssl 5.) Then Autofill by certificate 4.) 选择要添加 ssl 的域 5.) 然后通过证书自动填充
You will get here crt and key create 2 files domain.pem and domain.crt你会在这里 crt 和 key 创建 2 个文件 domain.pem 和 domain.crt
put crt code into domain.crt and key code into domain.pem file and put both file on the main root将 crt 代码放入 domain.crt 并将密钥代码放入 domain.pem 文件并将这两个文件放在主根目录中
const https = require('http');
const fs = require('fs');
const httpsOptions = {
key: fs.readFileSync('domain.pem'),
cert: fs.readFileSync('domain.crt'),
ca: fs.readFileSync('domain.crt'),
passphrase: '??'
}
https.createServer(options, function (req, res) {
if (req.client.authorized) {
res.writeHead(200, {"Content-Type":
"application/json"});
res.end('{"status":"approved"}');
} else {
res.writeHead(401, {"Content-Type":
"application/json"});
res.end('{"status":"denied"}');
}
}).listen(443);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.