[Go] Create a self-signed HTTPS server with node. js

Source: Internet
Author: User
Tags generate csr openssl x509 pkcs12

Create a self-signed HTTPS server with node. js
    1. Create your own CA agency
    2. Create a server-side certificate
    3. Create a client certificate
    4. Package the Certificate
Create your own CA agency
    • Generate a private key for a CA

OpenSSL genrsa-out ca-key.pem-des 1024

    • Generate CSR from CA private key

OpenSSL Req-new-key ca-key.pem-out Ca-csr.pem

    • Generate a CA certificate from a CSR file and private key

OpenSSL x509-req-in Ca-csr.pem-signkey ca-key.pem-out Ca-cert.pem

Problems that you may encounter

You need root or admin permissions unable to load config Info from/user/local/ssl/openssl.cnf for this issue, you can download a copy of the correct openssl.cnf file from the Internet and set Local path to the openssl_conf=openssl.cnf file

Create a server-side certificate
    • Generate a private key for the server

OpenSSL genrsa-out Server-key.pem 1024

    • Generate CSR with server private key File server

OpenSSL req-new-key server-key.pem-config openssl.cnf-out Server-csr.pem

This step is critical and you need to specify a copy of the openssl.cnf file. You can use this.

[Req]Distinguished_name=Req_distinguished_name req_extensions=V3_req[Req_distinguished_name]CountryName= Country Name (2Letter code)Countryname_default=CN Stateorprovincename= State Or Province Name (Full Name)Stateorprovincename_default= BeijingLocalityname= Locality Name (eg,City)Localityname_default= YayuncunOrganizationalunitname= Organizational Unit Name (eg,Section)Organizationalunitname_default= Domain Control ValidatedCommonName= Internet Widgits LtdCommonname_max= 64 [V3_req] # Extensions to add to a certificate request  basicconstraints 
                                                                                                       
                                                                                                        =
                                                                                                         Ca:false keyusage = Nonrepudiation, Digitalsignature KeyEncipherment subjectaltname =  @alt_ Names [alt_names] Span class= "com" > #注意这个IP. 1 settings, IP address needs to be the same as your server's listening address  Ip. 1 = 127.0. 0.1                 
                                                                                                        
    • Generate a server certificate from a server private key file and a CSR file

OpenSSL x509-req-ca ca-cert.pem-cakey ca-key.pem-cacreateserial-in server-csr.pem-out server-cert.pem-extensions v3 _req-extfile openssl.cnf

Create a client certificate
    • Generating the client private key

OpenSSL genrsa-out Client-key.pem

    • Generate CSR with private key

OpenSSL Req-new-key client-key.pem-out Client-csr.pem

    • Generate a client certificate

OpenSSL x509-req-ca ca-cert.pem-cakey ca-key.pem-cacreateserial-in client-csr.pem-out Client-cert.pem

HTTPS Server Code
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {Key:Fs.Readfilesync('./keys/server-key.pem '),Ca: [Fs.Readfilesync('./keys/ca-cert.pem ')],Cert:Fs.Readfilesync('./keys/server-cert.pem '};. Createserver (options,function  (req,res Res.200 Res.< Span class= "PLN" >end ( ' Hello world\n ' listen (3000,              
HTTPS Client Code
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {Hostname:' 127.0.0.1 ',Port:3000,Path:‘/‘,Method:' GET ',Key:Fs.Readfilesync('./keys/client-key.pem '),Cert:Fs.Readfilesync('./keys/client-cert.pem '),Ca: [Fs.Readfilesync('./keys/ca-cert.pem ')],Agent:False};Options.Agent= NewHttps.Agent(Options);VarReq=Https.Request(Options,function(Res){Console.Log("StatusCode:",Res.StatusCode);Console.Log("Headers:",Res.Headers);Res.Setencoding(' Utf-8 ');Res.On(' Data ',function (d console< Span class= "pun". log (d}); req.. On ( ' ERROR ' ,function ( e) { Console. Loge              /span>                
Package the Certificate
    • Packaging server-side certificates

OpenSSL pkcs12-export-in server-cert.pem-inkey server-key.pem-certfile ca-cert.pem-out server.pfx

    • Packaging client Certificates

OpenSSL pkcs12-export-in client-cert.pem-inkey client-key.pem-certfile ca-cert.pem-out client.pfx

Server-side code
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {pFX:Fs.Readfilesync('./keys/server.pfx '),Passphrase:' Your password '}; https.  Createserver(options,function(req,res) { res.  Writehead(N); res.  End(' Hello world\n ');}). Listen("127.0.0.1");            
Client code
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {Hostname:' 127.0.0.1 ',Port:3000,Path:‘/‘,Method:' GET ',pFX:Fs.Readfilesync('./keys/server.pfx '),Passphrase:' Your password ',Agent:False};Options.Agent= NewHttps.Agent(Options);VarReq=Https.Request(Options,function(Res){Console.Log("StatusCode:",Res.StatusCode);Console.Log("Headers:",Res.Headers);Res.Setencoding(' Utf-8 ');Res.On(' Data ',function(d) { Console. Logd}); req.. On ( ' ERROR ' ,function ( e) { Console. Loge 

Original address: https://cnodejs.org/topic/54745ac22804a0997d38b32d

[Go] Create a self-signed HTTPS server with node. JS

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.