node.js上的客户端ssl授权
[英]Client ssl authorization on node.js
问题描述
我试图通过自签名进行客户授权。
首先,我正在创建证书:
CA证书
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
服务器证书
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
客户证明
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
将客户端证书转换为p12
openssl pkcs12 -export -in client.crt -inkey client.key -name "My cert" -out client.p12
打开并安装p12证书open client.p12
我的node.js服务器(使用express.js)
var express = require('express')
, routes = require('./routes')
, user = require('./routes/user')
, http = require('http')
, path = require('path')
, https = require('https')
, fs = require('fs');
var app = express();
app.configure(function () {
app.set('port', process.env.PORT || 3000);
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
});
app.configure('development', function () {
app.use(express.errorHandler());
});
app.get('/', function(req, res) {
console.log(req.client.authorized);
res.send(req.client.authorized)
});
var options = {
key:fs.readFileSync('ssl/server.key'),
cert:fs.readFileSync('ssl/server.crt'),
ca:[fs.readFileSync('ssl/ca.crt')],
requestCert:true,
rejectUnauthorized:false,
passphrase: 'passphrase',
agent: false
};
https.createServer(options,app).listen(app.get('port'), function () {
console.log("Express server listening on port " + app.get('port'));
});
服务器运行时,我在Chrome中打开https://localhost:3000 ,但身份验证不通过:req.client.authorized为false
Chrome消息是
The identity of this website has not been verified.
• Server's certificate does not match the URL.
我的错误在哪里?
2 个解决方案
解决方案1
3 2013-01-23 08:39:25
服务器URL与服务器证书的Common Name部分匹配。
创建服务器证书请求时,请记住将服务器的主机名放在Common Name部分。 如果您只是在本地测试(使用https://localhost作为地址),请使用localhost作为Common Name。
解决方案2
2 2013-01-17 19:18:43
通过HTTPS支持,使用request.connection.verifyPeer()和request.connection.getPeerCertificate()来获取客户端的身份验证详细信息。
Node.JS授权
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.