本文探讨了在Node.js通过HTTPS连接时遇到的DEPTH_ZERO_SELF_SIGNED_CERT错误,介绍了如何临时规避问题的不安全方法,以及推荐的正确解决方案,包括将自签名证书添加到信任存储或获取受信任CA签名的证书。
转自文章:
https://www.dazhuanlan.com/gabrielle39768/topics/1432494
感谢原作者分享。
在通过 js 连接 ssl 的 https 服务器时,遇到错误:
Error: DEPTH_ZERO_SELF_SIGNED_CERT
而在开发过程中跳过这一问题的方法是添加下面这句:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = “0”;
下文是一个中肯的解释:
Node is complaining because the TLS (SSL) certificate it’s been given is self-signed (i.e. it has no parent - a depth of 0). It expects to find a certificate signed by another certificate that is installed in your OS as a trusted root.
Your “fix” is to disable Node from rejecting self-signed certificates by allowing ANY unauthorised certificate.
Your fix is insecure and shouldn’t really be done at all, but is often done in development (it should never be done in production).
The proper solution should be to put the self-signed certificate in your trusted root store OR to get a proper certificate signed by an existing Certificate Authority (which is already trusted by your server).
大概意思是:
Node 被赋予了 TLS(SSL)证书是自签名的,它希望找到由安装在您的操作系统作为一个受信任的根证书,另一个签名的证书。
你的 “修复” 是允许任何未经授权的证书,取消其拒绝自签名证书节点。这里指 process.env.NODE_TLS_REJECT_UNAUTHORIZED = “0”;
你的解决方法是不安全的,应该不是真的都做到,但往往是在做开发(它不应该在生产中进行)。
正确的解决办法
正确的解决办法应该是把自签名证书在受信任的根存储或度日(这已经是你的服务器信任)现有的证书颁发机构签署一个适当的证书。
扫一扫
6120
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
