我正在尝试用自签名证书实现客户端证书认证（客户端授权）.
首先,我要创建证书:
CA证书
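# CA private key (2048-bit RSA, encrypted with a passphrase you are prompted for)
# and the self-signed CA certificate.  The two commands were collapsed onto one
# line in the original, which would pass the second command as extra arguments.
openssl genrsa -des3 -out ca.key 2048
# -sha256: older OpenSSL builds default to SHA-1 signatures, which browsers reject.
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt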
服务器证书
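# Server key: 2048 bits.  1024-bit RSA is below the minimum current TLS stacks
# accept at their default security level and offers no margin today.
openssl genrsa -out server.key 2048
# When prompted, put the hostname you will browse to (here: localhost) in the Common Name.
openssl req -new -key server.key -out server.csr
# Current browsers (Chrome 58+) match the hostname against subjectAltName and
# ignore the Common Name, and `x509 -req` by default copies no extensions from
# the CSR, so supply a SAN explicitly when signing.
printf 'subjectAltName=DNS:localhost\n' > server.ext
openssl x509 -req -sha256 -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -extfile server.ext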
客户端证书
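# Client key: 2048 bits for the same reason as the server key (1024-bit RSA is
# rejected by hardened TLS configurations).
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
# Signed by the same CA that the server lists in its `ca` option; -sha256 avoids
# a SHA-1 signature on older OpenSSL builds.
openssl x509 -req -sha256 -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365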
将客户端证书转换为p12
# Bundle the client certificate and its private key into a PKCS#12 file the
# browser can import.  You are prompted for an export password; the browser asks
# for the same password on import.  "My cert" is the friendly name shown there.
openssl pkcs12 -export -inkey client.key -in client.crt -name "My cert" -out client.p12
打开并安装p12证书
打开client.p12
我的node.js服务器(使用express.js)
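// HTTPS server that reports whether the connecting browser presented a client
// certificate signed by our CA.  Written against the Express 3.x API
// (app.configure / app.router), which is what the original listing uses.
var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');
var https = require('https');
var fs = require('fs');

var app = express();

app.configure(function () {
  app.set('port', process.env.PORT || 3000);
  app.set('views', __dirname + '/views');
  app.set('view engine', 'ejs');
  app.use(express.favicon());
  app.use(express.logger('dev'));
  // express.bodyParser() in Express 3 also enables multipart parsing, which
  // writes every uploaded part to a temp file on disk for any route, including
  // routes that never read a body.  Parse only what this app can use.
  app.use(express.json());
  app.use(express.urlencoded());
  app.use(express.methodOverride());
  app.use(app.router);
  app.use(express.static(path.join(__dirname, 'public')));
});

app.configure('development', function () {
  app.use(express.errorHandler());
});

// Diagnostic route: answers true only when the TLS layer verified the client
// certificate against the `ca` list below.  Because rejectUnauthorized is
// false, the handshake itself never turns a client away, so every route that
// must be protected has to perform this check itself.
app.get('/', function (req, res) {
  // req.socket is the TLS socket (the same object as the undocumented req.client).
  var socket = req.socket;
  // authorizationError names the reason when authorized is false
  // (e.g. no certificate presented, unknown issuer, expired certificate).
  console.log(socket.authorized, socket.authorizationError);
  res.send(socket.authorized);
});

var options = {
  key: fs.readFileSync('ssl/server.key'),
  cert: fs.readFileSync('ssl/server.crt'),
  // CAs whose client certificates are trusted; the list is also sent to the
  // browser so it knows which of its installed certificates to offer.
  ca: [fs.readFileSync('ssl/ca.crt')],
  // Ask the browser for a client certificate ...
  requestCert: true,
  // ... but let the handshake complete without a valid one so the route above
  // can report the outcome.  Set to true to enforce client auth at the TLS layer.
  rejectUnauthorized: false,
  // Only consulted if server.key is encrypted; the generation steps above leave
  // it unencrypted.  Read the secret from the environment instead of the source.
  passphrase: process.env.SSL_KEY_PASSPHRASE || 'passphrase'
  // `agent: false` from the original listing is an http *client* option that
  // createServer ignores, so it is dropped here.
};

https.createServer(options, app).listen(app.get('port'), function () {
  console.log("Express server listening on port " + app.get('port'));
});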
服务器运行后,我在 Chrome 中打开 https://localhost:3000,但客户端证书认证没有通过:req.client.authorized 为 false.
Chrome消息是
The identity of this website has not been verified. • Server's certificate does not match the URL.
我的错误在哪里?
解决方法
服务器的 URL(主机名)必须与服务器证书的 Common Name 匹配.
创建服务器证书请求时,请记住把服务器的主机名填入 Common Name.如果只是在本地测试(地址为 https://localhost),就用 localhost 作为 Common Name.注意:现在的浏览器(Chrome 58 及以后)校验主机名时只看 subjectAltName 扩展而忽略 Common Name,所以用 openssl x509 -req 签发服务器证书时还需要通过 -extfile 加上 subjectAltName=DNS:localhost.另外,Chrome 的那条警告说的是服务器证书,而 req.client.authorized 反映的是服务器对客户端证书的校验结果;把 req.client.authorizationError 打印出来可以看到具体失败原因.