HTTPS 需要证书,这里用 OpenSSL 生成自签名证书文件(自签名证书不受浏览器和客户端默认信任,仅适合开发和测试环境)
检测openssl是否安装
$ openssl version -a
生成证书
1. 生成私钥,并指定名称和长度
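# Generate the RSA private key. 1024-bit RSA is below current minimums and is rejected by
# many TLS clients and libraries; 2048 bits is the practical floor.
$ openssl genrsa -out private_key.pem 2048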
2. 使用已有的私钥生成证书请求
# Build a certificate signing request from the existing key. The command prompts for the
# subject fields; Common Name should be the host name the server will be reached at.
$ openssl req -new -out ca-req.csr -key private_key.pem
3. 用私钥对证书请求进行自签名,生成证书:-in 指定证书请求文件,-signkey 指定用于签名的私钥,-days 指定有效期(天)
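# Self-sign the request with the same private key (-signkey), producing a certificate that
# no client trusts by default. -sha256 pins the signature digest so an older OpenSSL build
# cannot fall back to a weaker default.
# NOTE(review): no subjectAltName is added here; clients that ignore commonName will fail
# host name verification against this certificate.
$ openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey private_key.pem -sha256 -days 3650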
Node中使用
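var fs = require('fs'); // needed by readFileSync below; the snippet used fs without loading it
var https = require('https');

// TLS material for the server. Both files are read synchronously at start-up, so a missing
// or unreadable file throws before the port is opened.
var options = {
  // Private key: keep it out of version control and readable only by the account running the server.
  key: fs.readFileSync('./keys/private_key.pem'),
  // Certificate presented to clients (self-signed in this walkthrough).
  cert: fs.readFileSync('./keys/ca-cert.pem'),
  // Refuse TLS 1.0/1.1 explicitly instead of relying on the runtime default.
  minVersion: 'TLSv1.2'
};

// No request listener is passed to createServer, so as written the server completes TLS
// handshakes but never answers a request; attach a handler before real use.
https.createServer(options).listen(8080, () => {
  console.log(`server running success at 8080`)
});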
异常处理
- Unable to load config info from c:/openssl/ssl/openssl.cnf
用下面内容创建文件:c:/openssl/ssl/openssl.cnf
####################################################################
# Sample OpenSSL configuration file #
####################################################################
RANDFILE = C:\\Progra~1\\OpenSSL\\.rnd
[ ca ]
default_ca = CA_default # The default ca section
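[ CA_default ]
# Defaults for the CA named by default_ca in the [ ca ] section.
dir = C:\\CA
certs = $dir\\certs # Where the issued certs are kept
crl_dir = $dir\\crl # Where the issued crl are kept
database = $dir\\index.txt # database index file.
new_certs_dir = $dir\\newcerts # default place for new certs.
certificate = $dir\\CAcert.pem # The CA certificate
serial = $dir\\serial # The current serial number
crl = $dir\\crl.pem # The current CRL
# The CA private key signs every issued certificate: restrict its directory to the CA operator.
private_key = $dir\\private\\CAkey.pem # The private key
RANDFILE = $dir\\private\\.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
default_days = 365 # how long to certify for
default_crl_days = 30 # how long before next CRL
# MD5 is collision-prone and MD5-signed certificates are rejected by current clients,
# so the signing digest is SHA-256.
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering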
####################################################################
[ policy_anything ]
# Subject-field policy: only commonName must be supplied, every other field is optional.
# NOTE(review): no "policy =" line in the [ CA_default ] section shown here refers to this
# section, so it looks unused unless selected on the command line; confirm.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
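[ req ]
# Defaults for `openssl req`.
# Key size used when req generates a new key; 1024-bit RSA is below current minimums.
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = nombstr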
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# Extensions for issued certificates (named by x509_extensions in [ CA_default ]).
# CA:FALSE marks them as end-entity certificates that cannot sign other certificates.
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
[ v3_req ]
# Extensions for certificate requests: end-entity only, with signing and key-encipherment usages.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for the self-signed certificate (named by x509_extensions in [ req ]).
# CA:true lets that certificate sign others, so a certificate created with these extensions
# should not double as a server certificate.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
# Extensions added to generated CRLs.
authorityKeyIdentifier = keyid:always,issuer:always