
Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/19104215/

Time: 2020-09-02 15:50:03  Source: igfitidea

Node.js/Express.js Chain Certificate Not working

javascript node.js ssl express ssl-certificate

Asked by darksky

I have an SSL server in Express, which is not working on all browsers (unless the user manually trusts the website) since some browsers require the chain certificate (we have our own intermediate certificate). I've put our intermediate and chain certificate in one .crt file. The chain + intermediate certificate is in the INT_CERT_FILE variable. It does not seem to work. I am using http://www.digicert.com/help, as well as running openssl s_client -connect tasker.adnxs.net:443 -showcerts | grep "^ " to check, but it does not seem to be returning the intermediate + chain certificate.

Here's how I'm setting it up:

var fs = require("fs");
var https = require("https");
var express = require("express");

var KEY_FILE = fs.readFileSync("path/to/key/file.key");
var CERT_FILE = fs.readFileSync("path/to/crt/file.crt");
var INT_CERT_FILE = fs.readFileSync("path/to/intermediate and chain crt.crt");

var _app_https = express();
var _server_https = null;

_server_https = https.createServer({
    key: KEY_FILE,
    cert: CERT_FILE,
    ca: INT_CERT_FILE
}, _app_https).listen(443);

When visiting it on Firefox, Firefox does not recognise its identity and requires it to be manually trusted. How can I fix this issue?

Thanks,

Answered by Jeroen Moors

Does your intermediate certificate file contain multiple certificate blocks?

If that's the case you should split them into different files and read them one by one. You can pass them as an array to the ca parameter.

I've got it working with the code below:

var https = require('https'),
    read = require('fs').readFileSync,
    httpsOptions = {
        key: read('ssl/mycertificate.key', 'utf8'),
        cert: read('ssl/mycertificate.crt', 'utf8'),
        ca: [
            read('ssl/rapidssl_1.pem', 'utf8'),
            read('ssl/rapidssl_2.pem', 'utf8')
        ]
    };

https.createServer(httpsOptions, function (req, res) {
    // ...
});

Answered by alchemication

Handy little snippet if you actually can't modify any SSL-related files on the server - you can split the "ssl chain" file yourself. Spent a little while trying to get Node and socket.io to work with SSL (was getting a net::ERR_INSECURE_RESPONSE error on the client), so thought I would share it:

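// MY_KEY_LOCATION, MY_CERT_LOCATION and MY_CHAIN_LOCATION are paths to your own files;
// app is your request handler (for example an Express app).
var https = require('https');
var read = require('fs').readFileSync;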
var privateKey = read(MY_KEY_LOCATION, 'utf8');
var certificate = read(MY_CERT_LOCATION, 'utf8');
var chainLines = read(MY_CHAIN_LOCATION, 'utf8').split("\n");
var cert = [];
var ca = [];
chainLines.forEach(function(line) {
  cert.push(line);
  if (line.match(/-END CERTIFICATE-/)) {
    ca.push(cert.join("\n"));
    cert = [];
  }
});
var credentials = {
  "key": privateKey,
  "cert": certificate,
  "ca": ca
};
var httpsServer = https.createServer(credentials, app);
var io = require('socket.io').listen(httpsServer);
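
The splitting step from the two answers above, as an added example that is not code from the original posts: it also tolerates CRLF line endings and text between blocks, rejects truncated blocks, and keeps non-certificate blocks (such as a private key pasted into the bundle) and a repeated server certificate out of `ca`. The names `splitCertBundle` and `buildHttpsOptions` are illustrative, and the PEM bodies are constructed placeholders, not real certificates.

```javascript
'use strict';
// Added example. The PEM bodies below are constructed placeholders, not real
// certificates; splitCertBundle and buildHttpsOptions are illustrative names.
var PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+\/=\r\n]+?)-----END \1-----/g;

// Return one normalised PEM string per certificate found in `text`.
function splitCertBundle(text) {
  var certs = [], skipped = [], match;
  PEM_BLOCK.lastIndex = 0;
  while ((match = PEM_BLOCK.exec(text)) !== null) {
    if (match[1] !== 'CERTIFICATE') {
      skipped.push(match[1]); // e.g. a private key pasted into the bundle
      continue;
    }
    var body = match[2].replace(/\r/g, '').trim();
    certs.push('-----BEGIN CERTIFICATE-----\n' + body + '\n-----END CERTIFICATE-----\n');
  }
  // A BEGIN marker without a matching END means the file is truncated or damaged.
  var begins = (text.match(/-----BEGIN CERTIFICATE-----/g) || []).length;
  if (begins !== certs.length) {
    throw new Error(begins + ' BEGIN CERTIFICATE markers, ' + certs.length + ' complete blocks');
  }
  return { certs: certs, skipped: skipped };
}

// Build the options object for https.createServer(), with `ca` as an array.
function buildHttpsOptions(keyPem, certPem, bundlePem) {
  var leaf = splitCertBundle(certPem).certs[0];
  var bundle = splitCertBundle(bundlePem);
  // Some bundles repeat the server certificate; it does not belong in `ca`.
  var ca = bundle.certs.filter(function (c) { return c !== leaf; });
  return { options: { key: keyPem, cert: certPem, ca: ca }, skipped: bundle.skipped };
}

var SAMPLE_LEAF = '-----BEGIN CERTIFICATE-----\nTEVBRkxFQUY=\n-----END CERTIFICATE-----\n';
var SAMPLE_BUNDLE = [
  'subject=/CN=Constructed Intermediate 1',
  '-----BEGIN CERTIFICATE-----', 'SU5URVJNRURJQVRFMQ==', '-----END CERTIFICATE-----',
  '',
  '-----BEGIN CERTIFICATE-----', 'SU5URVJNRURJQVRFMg==', '-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----', 'TEVBRkxFQUY=', '-----END CERTIFICATE-----',
  '-----BEGIN PRIVATE KEY-----', 'S0VZS0VZ', '-----END PRIVATE KEY-----'
].join('\r\n');

var built = buildHttpsOptions('constructed-key-placeholder', SAMPLE_LEAF, SAMPLE_BUNDLE);
console.log(built.options.ca.length + ' CA certificates, skipped: ' + built.skipped.join(', '));
// With real files: https.createServer(built.options, app).listen(443);
```

A non-empty `skipped` list is worth logging at startup, since it usually means key material ended up in a file that was meant to hold only certificates.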