Node.js nodejs-无法使用自签名证书验证叶签名
我正在尝试使nodeNode.js nodejs-无法使用自签名证书验证叶签名,node.js,ssl,Node.js,Ssl,我正在尝试使nodehttps与自签名证书一起工作,该证书的请求指向IP地址,而不是DNS名称。我正在使用这个代码 var tls = require('tls'); var fs = require('fs'); var cert = fs.readFileSync(__dirname + '/cert.pem'); var key = fs.readFileSync(__dirname + '/key.pem'); var netServer = new tls.Server(optio
https
与自签名证书一起工作,该证书的请求指向IP地址,而不是DNS名称。我正在使用这个代码
var tls = require('tls');
var fs = require('fs');
var cert = fs.readFileSync(__dirname + '/cert.pem');
var key = fs.readFileSync(__dirname + '/key.pem');
var netServer = new tls.Server(options = { key: key, cert: cert });
var port = 54321;
netServer.listen(port);
netServer.on('secureConnection', function(socket) {
socket.end('heyyyoooo');
});
var client = tls.connect(port, 'localhost', {
ca: [ cert ],
rejectUnauthorized: true
});
client.on('data', function(data) {
console.log(data.toString());
process.exit();
});
当向localhost
发出请求时,它与由生成的证书(不带使用者替代名称)配合良好,但是当我将其替换为127.0.0.1
时,我得到错误:主机名/IP与证书的altnames
不匹配。因此,我创建了一个新的证书,它使用subjectAltName
生成。Openssl将其解读为:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11107838472034892631 (0x9a26f83d0c0ebb57)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=127.0.0.1
Validity
Not Before: Jun 24 09:51:56 2013 GMT
Not After : Jun 22 09:51:56 2023 GMT
Subject: CN=127.0.0.1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus: *skipped*
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha1WithRSAEncryption
*skipped*
因此,SAN的创建是正确的。现在我遇到了错误:无法验证\u LEAF\u签名
,如何使其工作?尝试以下操作:
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
请注意,这将禁用非常重要的安全检查。可能会重复