使用openSSL构造一个支持https的nodejs服务器
首先通過(guò)下面的鏈接下載openSSL
https://slproweb.com/products/Win32OpenSSL.html
下載完畢后,執(zhí)行openssl進(jìn)入交互式界面:
使用命令生成privatekey.pem 1024意思是1024位長(zhǎng)度。
openssl genrsa -out privatekey.pem 1024
生成的privatekey.pem,打開看一看長(zhǎng)啥樣:
什么是pem文件?
.pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
簡(jiǎn)單的說(shuō),就是一個(gè)密鑰文件。
第二步,基于第一步生成的密鑰文件生成一個(gè)證書請(qǐng)求:
openssl req -new -key privatekey.pem -out certrequest.csr
如果懶得維護(hù)證書明細(xì),直接敲回車,會(huì)自動(dòng)填入默認(rèn)值:
最后基于第一步生成的密鑰和證書請(qǐng)求生成一個(gè)數(shù)字證書:當(dāng)然頒發(fā)機(jī)構(gòu)就是自己了,僅用于測(cè)試目的。
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
至此我們有了privatekey.pem和Certificate.pem兩個(gè)證書了。
下面是我https服務(wù)器的代碼,很簡(jiǎn)單,只有50幾行:
var app = require('express')(); var fs = require('fs'); var https = require('https');var httpOptions = {key: fs.readFileSync("keys/privatekey.pem"),cert: fs.readFileSync("keys/certificate.pem") }var server = https.createServer(httpOptions, app); var io = require('socket.io')(server);console.log("https server listens on port 8080...");server.listen(8080);function print_env(){console.log(process.env); }app.get('/', function (req, res) {var response = "Hello World";res.send(response); });app.get('/env', function (req, res) {print_env();// res.sendFile(__dirname + '/index.html');var response = JSON.stringify(process.env);res.send(response); });app.get('/redis', function (req, res) {var redisClient = require("./redisClient");function callback(response){// var response = "ok";//JSON.stringify(process.env);res.send(response);}redisClient.test(callback); });io.on('connection', function (socket) {console.log("connect comming from client: " + socket.id);socket.emit('messages_jerry', { hello: 'world greeting from Server!' });socket.on('messages', function (data) {console.log("data received from Client:" + JSON.stringify(data,2,2));}); });從代碼里不難理解這兩個(gè)pem文件是如何用在https服務(wù)器里的。
最后在瀏覽器里測(cè)試。因?yàn)槭亲约侯C發(fā)的證書,沒有經(jīng)過(guò)CA驗(yàn)證,所以瀏覽器會(huì)顯示一個(gè)警告。
要獲取更多Jerry的原創(chuàng)文章,請(qǐng)關(guān)注公眾號(hào)"汪子熙":
總結(jié)
以上是生活随笔為你收集整理的使用openSSL构造一个支持https的nodejs服务器的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 蔚来发布增强领航辅助订阅价格 新用户换电
- 下一篇: CloudFoundry和BOSH的关系