Is it possible to hotswap a tls certificate in node.js?

Is it possible to swap out a certificate (say if it gets renewed) without restarting the server in node.js? Any connections that are currently open would have already trusted the server and so don't need to be disconnected, but any new connections need to see the new certificate. I would imagine it should be possible to do this kind of hotswap. Is it possible via the API node.js presents?

Or is there any node https module that allows this?

It looks like this is possible via something called the SNICallback:

https://github.com/nodejs/node/issues/10349#issuecomment-268157842

I cannot use SNICallback

var fs = require('fs')
var tls = require('tls')
var https = require('https')

// Key/certificate pair for each hostname, read once at startup
var certs = {
    "safe.myDomain.com": {
        key: fs.readFileSync('../SSL/safe/private/key.pem'),
        cert: fs.readFileSync('../SSL/safe/certs/cert.pem')
    },
    "api.myDomain.com": {
        key: fs.readFileSync('../SSL/api/private/key.pem'),
        cert: fs.readFileSync('../SSL/api/certs/cert.pem')
    }
}

var httpsOptions = {
    // Called for each new TLS handshake with the server name the client sent
    SNICallback: function(hostname, cb) {
      var ctx = tls.createSecureContext(certs[hostname])
      cb(null, ctx)
    }
}

https.createServer(httpsOptions).listen(1443, function() {
    console.log('HTTPS server is listening on port 1443')
})
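
As an added example (not code from the posts above), here is one way to use SNICallback for the hot swap the question asks about: the callback rebuilds a host's secure context when the certificate file's mtime changes and keeps the last good context if a reload fails. The function name `createReloadingSNICallback` and its injectable `io` parameter are hypothetical.

```javascript
// Added example: an SNICallback that reloads a host's key/cert pair when the
// certificate file changes on disk. Names here are illustrative assumptions.
const fs = require('node:fs');
const tls = require('node:tls');

// certPaths: { hostname: { key: path, cert: path } }
// io: optional overrides so the reload logic can be exercised without PEM files.
function createReloadingSNICallback(certPaths, io = {}) {
  const stat = io.statSync || fs.statSync;
  const read = io.readFileSync || fs.readFileSync;
  const build = io.createSecureContext || tls.createSecureContext;
  const cache = new Map(); // hostname -> { mtimeMs, ctx }

  return function SNICallback(hostname, cb) {
    // Serve only configured names; the own-property check keeps inherited
    // keys such as "constructor" from being treated as hosts.
    if (!Object.prototype.hasOwnProperty.call(certPaths, hostname)) {
      return cb(new Error('no certificate configured for ' + hostname));
    }
    const paths = certPaths[hostname];
    let entry = cache.get(hostname);
    try {
      // One stat per new handshake; rebuild only when the cert file changed.
      const mtimeMs = stat(paths.cert).mtimeMs;
      if (!entry || entry.mtimeMs !== mtimeMs) {
        const ctx = build({ key: read(paths.key), cert: read(paths.cert) });
        entry = { mtimeMs, ctx };
        cache.set(hostname, entry);
      }
    } catch (err) {
      // A half-written or mismatched pair during renewal throws here. Keep
      // serving the last good context; fail only if there never was one.
      if (!entry) return cb(err);
    }
    cb(null, entry.ctx);
  };
}

// Usage with the paths from the post above:
// https.createServer({ SNICallback: createReloadingSNICallback({
//   'api.myDomain.com': { key: '../SSL/api/private/key.pem',
//                         cert: '../SSL/api/certs/cert.pem' } }) }).listen(1443)
```

Only new handshakes see the reloaded context; established connections keep the certificate they negotiated. For a server with a single certificate, Node's `server.setSecureContext()` replaces the context without SNI.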
