node端搭建https服务器

https 需要证书,这里用openssl生成证书文件

检测openssl是否安装

$ openssl version -a

生成证书

 1. 生成私钥,并指定输出文件名和密钥长度(示例中的 1024 位 RSA 强度已不足,实际使用建议至少指定 2048 位)
 $ openssl genrsa -out private_key.pem 1024
 
 2. 使用已有的私钥生成证书请求
 $ openssl req -new -out ca-req.csr -key private_key.pem
 
 3. 用私钥对证书请求进行自签名,生成证书:-in 指定证书请求文件,-signkey 指定用于签名的私钥,-days 指定有效期(天)。自签名证书不会被浏览器等客户端默认信任,适合开发和测试环境
 $ openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey private_key.pem -days 3650

Node中使用

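// Minimal HTTPS server using the key and certificate generated with openssl.
// `fs` must be required explicitly; without it the readFileSync calls below
// throw a ReferenceError before the server is created.
var fs = require('fs');
var https = require('https');

// TLS material is read synchronously at startup, so a missing or unreadable
// file throws here and the port is never opened.
var options = {
  // Private key: keep it out of version control and readable only by the
  // account that runs the server.
  key: fs.readFileSync('./keys/private_key.pem'),
  // Certificate written by the `openssl x509 -req ... -signkey` step (self-signed).
  cert: fs.readFileSync('./keys/ca-cert.pem')
};

// No request listener is passed to createServer, so incoming requests are not
// answered until a 'request' handler is registered on the returned server.
https.createServer(options).listen(8080, () => {
  console.log(`server running success at 8080`)
});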

异常处理

  1. Unable to load config info from c:/openssl/ssl/openssl.cnf
    用下面内容创建文件:c:/openssl/ssl/openssl.cnf
####################################################################
#                 Sample OpenSSL configuration file                #
####################################################################

# Seed file for OpenSSL's random number generator. Backslashes are doubled
# because a single backslash is the escape character in this file format.
RANDFILE = C:\\Progra~1\\OpenSSL\\.rnd

[ ca ]
# Name of the section that holds the settings for the `openssl ca` command.
default_ca = CA_default

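[ CA_default ]
# Settings for `openssl ca`. Every path below is built from $dir.
dir = C:\\CA
# Where the issued certs are kept
certs = $dir\\certs
# Where the issued CRLs are kept
crl_dir = $dir\\crl
# Database index file
database = $dir\\index.txt
# Default place for new certs
new_certs_dir = $dir\\newcerts
# The CA certificate
certificate = $dir\\CAcert.pem
# The current serial number
serial = $dir\\serial
# The current CRL
crl = $dir\\crl.pem
# The CA private key. Anyone who can read this file can issue certificates
# under this CA, so restrict access to the "private" directory.
private_key = $dir\\private\\CAkey.pem
# Private random number file
RANDFILE = $dir\\private\\.rand

# Extension section added to every issued certificate
x509_extensions = usr_cert
# How long to certify for, in days
default_days = 365
# Days until the next CRL is due
default_crl_days = 30
# Digest used when signing. The sample shipped with md5, which is
# collision-broken for signatures and rejected by current TLS clients.
default_md = sha256
# Do not keep the DN field order passed in the request
preserve = no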

####################################################################

[ policy_anything ]
# Subject-field policy for `openssl ca`: a request only has to supply
# commonName, every other field may be absent.
# NOTE(review): no `policy =` key in this file points at this section, so it
# presumably has to be selected with `-policy policy_anything` - confirm.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
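[ req ]
# Settings for `openssl req`.
# Key size used when `req` itself generates a key. The sample shipped with
# 1024, which is below the 2048-bit minimum expected for RSA today. A size
# given on the command line (for example to `genrsa`) is not affected by this.
default_bits = 2048
# File the generated private key is written to when no output file is named
default_keyfile = privkey.pem
# Digest used to sign requests and self-signed certificates; pinned so the
# result does not depend on the default of the installed OpenSSL build.
default_md = sha256
# Section that defines the subject fields to prompt for
distinguished_name = req_distinguished_name
# Section that defines the request attributes to prompt for
attributes = req_attributes
# Extensions added to a self-signed certificate made with `req -x509`.
# v3_ca sets CA:true, so such a certificate is marked as a CA certificate.
x509_extensions = v3_ca
# Limits the string types used for subject fields (no BMPString/UTF8String)
string_mask = nombstr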

[ req_distinguished_name ]
# Prompts shown by `openssl req` for each subject field, with optional
# _default values and _min/_max length limits.
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
# The "0." prefix keeps this key distinct if the same field is listed again.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
# Left disabled: no default organizational unit is offered.
#organizationalUnitName_default = 
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[ req_attributes ]
# Optional attributes `openssl req` prompts for; referenced by the
# `attributes` key in [ req ].
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

[ usr_cert ]
# Extensions for certificates issued by `openssl ca`; referenced by
# x509_extensions in [ CA_default ].
# End-entity certificate: it may not sign other certificates.
basicConstraints = CA:FALSE
# Free-text comment embedded in the certificate
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

[ v3_req ]
# Extensions intended for certificate requests.
# NOTE(review): [ req ] in this file has no req_extensions key, so this section
# appears to be unused unless it is named on the command line - confirm.
# No subjectAltName is defined here; current TLS clients match host names
# against subjectAltName, so a server certificate normally needs one.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
# Extensions for a CA certificate; referenced by x509_extensions in [ req ].
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# Marks the certificate as a CA: its key is allowed to sign other certificates.
basicConstraints = CA:true

[ crl_ext ]
# Extensions for generated CRLs.
# NOTE(review): no crl_extensions key in this file refers to this section.
authorityKeyIdentifier = keyid:always,issuer:always