nodejs 可以生成 SSL 证书吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9519707/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Can nodejs generate SSL certificates?
提问by ayanamist
I'm writing a proxy support HTTPS-HTTPS proxy. Before i use Python as the main programming language, but i'm interested in node.js now, so i prepare to migrate.
我正在编写一个代理支持 HTTPS-HTTPS 代理。之前使用 Python 作为主要编程语言,但我现在对 node.js 感兴趣,所以我准备迁移。
The largest problem i'm facing is that i don't know how to generate CA and other server certificates in node.js. In Python, there is pyOpenSSL which is awesome. I don't find something similar in node.js until now.
我面临的最大问题是我不知道如何在 node.js 中生成 CA 和其他服务器证书。在 Python 中,有很棒的 pyOpenSSL。直到现在我才在 node.js 中找到类似的东西。
Maybe i should use openssl-fork method? But how to handle the interactive operation in openssl.
也许我应该使用 openssl-fork 方法?但是如何处理openssl中的交互操作。
Thank you.
谢谢你。
采纳答案by Eric Vicenti
In case somebody doeswant to programatically create CSRs from node.js, I have created a nodejs modulewhich uses openssl to create a private key and a CSR.
如果有人确实想从 node.js 以编程方式创建 CSR,我创建了一个 nodejs 模块,该模块使用 openssl 创建私钥和 CSR。
Edit: Use peminstead. It is much more complete and probably more reliable.
编辑:改用pem。它更完整,可能更可靠。
Edit2: Actually, pem is also just a simple wrapper over openssh. For a pure js implementation, look into forge
Edit2:实际上,pem 也只是 openssh 的一个简单包装器。对于纯 js 实现,请查看伪造
回答by Nicocube
Use shell for certificate:
使用 shell 作为证书:
openssl genrsa -out server-key.pem 1024
openssl req -new -key server-key.pem -out server-csr.pem
openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem
Then use them in node.js
然后在 node.js 中使用它们
var https = require('https');
https.createServer({
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem')
},
function (req,res) {
...
})
EDIT:
编辑:
You can also give a try to this project in NPM : https://npmjs.org/package/openssl-wrapper
你也可以在 NPM 中尝试这个项目:https: //npmjs.org/package/openssl-wrapper
I found it searching the NPM repo : https://npmjs.org/search?q=openssl
我发现它在搜索 NPM 存储库:https://npmjs.org/search?q =openssl
I did not tried or checked it myself, but it looks like a way to generate the certificate using node, which is the original question.
我自己没有尝试或检查过,但它看起来像一种使用节点生成证书的方法,这是原始问题。
var openssl = require('openssl-wrapper');
var password = 'github';
return openssl.exec('genrsa', {des3: true, passout: 'pass:' + password, '2048': false}, function(err, buffer) {
console.log(buffer.toString());
});
I'd be interested by a feedback. ;)
我会对反馈感兴趣。;)
回答by socketpair
node-forge allow that. Nothing to say more. DOES NOT use openssl shell command internally.
node-forge 允许这样做。没什么好说的。在内部不使用 openssl shell 命令。
回答by Jay
None of the node libraries seem to support the options I need, so I use the opensslexecutable.
似乎没有一个节点库支持我需要的选项,所以我使用了openssl可执行文件。
import { execSync } from 'child_process'
import fs from 'fs'
import tempy from 'tempy'
const extHeader = `authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
`
const shell = cmd => execSync(cmd, { stdio: 'pipe' })
const writeCert = (extFile, outfile) => {
const cmd = [
`openssl`,
`x509`,
`-req`,
`-in ssl/my.csr`,
`-CA ssl/root-ca.pem`,
`-CAkey ssl/root-ca.key`,
`-CAserial ssl/root-ca.srl`,
`-out ssl/${outfile}`,
`-days 1825`,
`-sha256`,
`-extfile ${extFile}`,
`-passin pass:mypassphrase`
]
shell(cmd.join(' '))
}
const createCert = domains => {
const sans = domains.map((d, i) => `DNS.${i + 1} = ${d}`)
const ext = extHeader + sans.join('\n')
const extFile = tempy.file()
fs.writeFileSync(extFile, ext, 'utf-8')
writeCert(extFile, 'out.crt')
}
Dependencies:
依赖项:
- openssl executable
- yarn add tempy
- openssl 可执行文件
- 纱线添加临时性
