当前位置:theitroad>如何使用 node.js 请求模块使用我自己的证书进行 SSL 调用?

如何使用 node.js 请求模块使用我自己的证书进行 SSL 调用?

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/15254976/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-02 13:46:35  来源:igfitidea点击:

How do I use the node.js request module to make an SSL call with my own certificate?

node.jssslhttpsrequestcertificate

提问by Jake

I'm using node.js and this request module to make HTTP calls to another server.

我正在使用 node.js 和这个请求模块对另一台服务器进行 HTTP 调用。

https://github.com/mikeal/request

https://github.com/mikeal/request

It works great. I now need to modify this code to make the calls over SSL, using my company's SSL certificate. In the request module's docs, it says this about the strictSSL option:

它工作得很好。我现在需要修改此代码以使用我公司的 SSL 证书通过 SSL 进行调用。在请求模块的文档中,它说明了 strictSSL 选项:

"strictSSL - Set to true to require that SSL certificates be valid. Note: to use your own certificate authority, you need to specify an agent that was created with that ca as an option."

“strictSSL - 设置为 true 以要求 SSL 证书有效。注意:要使用您自己的证书颁发机构,您需要指定使用该 CA 创建的代理作为选项。”

This sounds like what I need to do, but I don't understand this phrase: "specify an agent that was created with that ca as an option.".

这听起来像是我需要做的,但我不明白这句话:“指定使用该 ca 创建的代理作为选项。”。

1) What do they mean by "an agent"? 2) How do I "specify an agent" 3) How do I create the agent "with that ca as an option"?

1) 他们所说的“代理人”是什么意思?2) 如何“指定代理” 3) 如何“以该 ca 作为选项”创建代理?

A code example would be amazing, but any leads would be helpful. Thanks.

代码示例会很棒,但任何线索都会有所帮助。谢谢。

回答by Niels Abildgaard

This largely elaborates on Peter Lyons' answer, providing an example.

这在很大程度上详细说明了Peter Lyons 的回答,提供了一个例子。

I am assuming that you are requesting a domain running over HTTPS with a certificate signed by your owncertificate authority (ca).

我假设您正在请求使用由您自己的证书颁发机构 (ca)签署的证书通过 HTTPS 运行的域。

When using the request library, as you do, there is no need to actually instantiate the agent yourself, you can simply provide some agentOptionsto the request you are making. The following is an example:

使用请求库时,您无需自己实际实例化代理,您只需向agentOptions您发出的请求提供一些即可。下面是一个例子:

request({
  method: "POST",
  uri: "https://localhost/entries",
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    name: "someEntry"
  }),
  agentOptions: {
    ca: fs.readFileSync("certs/ca.cert.pem")
  }
}, function(error, httpResponse, body) {
  //handle response
});

The important thing here is the agentOptions, which you provide the certificate of a ca. All domains using certificates signed by the ca are now accepted. Imagine a ca CA1has signed three domains, D1, D2, D3. Setting the ca to CA1results in allowing requests to all of the domains D1, D2, D3(but not D4signed by a different ca).

这里重要的是agentOptions,你提供了一个 ca 的证书。现在接受所有使用由 CA 签署的证书的域。想象一下,一个 CA CA1已经签署了三个域,D1D2D3。将 ca 设置为CA1 会导致允许对所有域D1D2D3 的请求(但不包括由不同 ca 签名的D4)。

Point being: the "certs/ca.cert.pem"must be the certificate of the signing certificate authority.

要点是:"certs/ca.cert.pem"必须是签名证书颁发机构的证书。

回答by Peter Lyons

  1. "an agent" means an instance of http.Agentfrom the node standard httpmodule
  2. The docs indicate this agent instance would be passed to requestin the pooloption I believe, although I haven't done it myself and the docs are indeed sparse on details here. Based on skimming the code, I think you might just need options.ca
  3. request seems to directly support options.caand uses it herein getAgent
  1. “一个代理”是指来自节点标准模块的http.Agent 的一个实例http
  2. 文档表明这个代理实例将requestpool我相信的选项中传递给,虽然我自己没有做过,而且文档在这里的细节确实很少。基于浏览代码,我认为您可能只需要options.ca
  3. 要求似乎直接支持options.ca,并在这里使用它getAgent

So my guess is maybe just pass in options.caas a string that is the public key of your company's certificate authority and see if request does the right thing from there.

所以我的猜测可能只是options.ca作为一个字符串传入,它是贵公司证书颁发机构的公钥,然后查看请求是否从那里做正确的事情。

回答by RIYAJ KHAN

const request = require('request');

request.post({
                url: strRSAUrl,
                agentOptions: {
                    ca: fs.readFileSync('path-to-cacert.pem')
                },
                form: {
                    some_key: some_value,
                }
            }, function (error, response, body) {
                objResponse.send(body);
            });

For more details,you can refer from nodejs#request

有关更多详细信息,您可以参考 nodejs#request

回答by Yevgeny Simkin

perhaps I'm misunderstanding the problem, but in my experience you don't need to do anything special at all if you require('https'), the call automatically goes out over SSL.

也许我误解了这个问题,但根据我的经验,如果你根本不需要做任何特别的事情require('https'),调用会自动通过 SSL 发出。

I just tested this with my google maps api call and indeed if I require('http')Google complains that it wants the call to come in over SSL, but when I add the severything works as expected.

我刚刚用我的 google maps api 调用测试了这个,确实如果我require('http')谷歌抱怨它希望调用通过 SSL,但是当我添加时,s一切都按预期工作。

相关推荐

node.js 节点/快递:EADDRINUSE,地址已在使用 - 杀死服务器

node.js 节点/快递:EADDRINUSE,地址已在使用 - 杀死服务器

如何在NodeJS中拆分和修改字符串?

如何在NodeJS中拆分和修改字符串?

node.js socket.io 与 express

node.js socket.io 与 express

node.js (JavaScript) 将 forEach 循环与内部回调同步

node.js (JavaScript) 将 forEach 循环与内部回调同步

相关推荐
最近更新
标签