本文共 3858 字,大约阅读时间需要 12 分钟。
openssl genrsa -out ca-key.pem -des 1024
openssl req -new -key ca-key.pem -out ca-csr.pem
openssl x509 -req -in ca-csr.pem -signkey ca-key.pem -out ca-cert.pem
你需要root或者admin的权限Unable to load config info from /user/local/ssl/openssl.cnf对于这个问题,你可以从网上下载一份正确的openssl.cnf文件,然后set OPENSSL_CONF=openssl.cnf文件的本地路径
openssl genrsa -out server-key.pem 1024
openssl req -new -key server-key.pem -config openssl.cnf -out server-csr.pem
这一步非常关键,你需要指定一份openssl.cnf文件。可以用这个
[req] distinguished_name = req_distinguished_name req_extensions = v3_req [req_distinguished_name] countryName = Country Name (2 letter code) countryName_default = CN stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = BeiJing localityName = Locality Name (eg, city) localityName_default = YaYunCun organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Domain Control Validated commonName = Internet Widgits Ltd commonName_max = 64 [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] #注意这个IP.1的设置,IP地址需要和你的服务器的监听地址一样 IP.1 = 127.0.0.1
openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server-csr.pem -out server-cert.pem -extensions v3_req -extfile openssl.cnf
openssl genrsa -out client-key.pem
openssl req -new -key client-key.pem -out client-csr.pem
openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in client-csr.pem -out client-cert.pem
var https = require('https');var fs = require('fs');var options = { key: fs.readFileSync('./keys/server-key.pem'), ca: [fs.readFileSync('./keys/ca-cert.pem')], cert: fs.readFileSync('./keys/server-cert.pem')};https.createServer(options,function(req,res){ res.writeHead(200); res.end('hello world\n');}).listen(3000,'127.0.0.1');
var https = require('https');var fs = require('fs');var options = { hostname:'127.0.0.1', port:3000, path:'/', method:'GET', key:fs.readFileSync('./keys/client-key.pem'), cert:fs.readFileSync('./keys/client-cert.pem'), ca: [fs.readFileSync('./keys/ca-cert.pem')], agent:false};options.agent = new https.Agent(options);var req = https.request(options,function(res){ console.log("statusCode: ", res.statusCode); console.log("headers: ", res.headers); res.setEncoding('utf-8'); res.on('data',function(d){ console.log(d); })});req.end();req.on('error',function(e){ console.log(e);})
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -certfile ca-cert.pem -out server.pfx
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -certfile ca-cert.pem -out client.pfx
var https = require('https');var fs = require('fs');var options = { pfx:fs.readFileSync('./keys/server.pfx'), passphrase:'your password'};https.createServer(options,function(req,res){ res.writeHead(200); res.end('hello world\n');}).listen(3000,'127.0.0.1');
var https = require('https');var fs = require('fs');var options = { hostname:'127.0.0.1', port:3000, path:'/', method:'GET', pfx:fs.readFileSync('./keys/server.pfx'), passphrase:'your password', agent:false};options.agent = new https.Agent(options);var req = https.request(options,function(res){ console.log("statusCode: ", res.statusCode); console.log("headers: ", res.headers); res.setEncoding('utf-8'); res.on('data',function(d){ console.log(d); })});req.end();req.on('error',function(e){ console.log(e);})
转载地址:http://otrji.baihongyu.com/