Home > Developer > Web Develop

[Go] Create a self-signed HTTPS server with node. js

Source: Internet
Author: User
Tags generate csr openssl x509 pkcs12
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Create a self-signed HTTPS server with node. js
    1. Create your own CA agency
    2. Create a server-side certificate
    3. Create a client certificate
    4. Package the Certificate
Create your own CA agency
    • Generate a private key for a CA

OpenSSL genrsa-out ca-key.pem-des 1024

    • Generate CSR from CA private key

OpenSSL Req-new-key ca-key.pem-out Ca-csr.pem

    • Generate a CA certificate from a CSR file and private key

OpenSSL x509-req-in Ca-csr.pem-signkey ca-key.pem-out Ca-cert.pem

Problems that you may encounter

You need root or admin permissions unable to load config Info from/user/local/ssl/openssl.cnf for this issue, you can download a copy of the correct openssl.cnf file from the Internet and set Local path to the openssl_conf=openssl.cnf file

Create a server-side certificate
    • Generate a private key for the server

OpenSSL genrsa-out Server-key.pem 1024

    • Generate CSR with server private key File server

OpenSSL req-new-key server-key.pem-config openssl.cnf-out Server-csr.pem

This step is critical and you need to specify a copy of the openssl.cnf file. You can use this.

[Req]Distinguished_name=Req_distinguished_name req_extensions=V3_req[Req_distinguished_name]CountryName= Country Name (2Letter code)Countryname_default=CN Stateorprovincename= State Or Province Name (Full Name)Stateorprovincename_default= BeijingLocalityname= Locality Name (eg,City)Localityname_default= YayuncunOrganizationalunitname= Organizational Unit Name (eg,Section)Organizationalunitname_default= Domain Control ValidatedCommonName= Internet Widgits LtdCommonname_max= 64 [V3_req] # Extensions to add to a certificate request  basicconstraints 
                                                                                                       
                                                                                                        =
                                                                                                         Ca:false keyusage = Nonrepudiation, Digitalsignature KeyEncipherment subjectaltname =  @alt_ Names [alt_names] Span class= "com" > #注意这个IP. 1 settings, IP address needs to be the same as your server's listening address  Ip. 1 = 127.0. 0.1
    • Generate a server certificate from a server private key file and a CSR file

OpenSSL x509-req-ca ca-cert.pem-cakey ca-key.pem-cacreateserial-in server-csr.pem-out server-cert.pem-extensions v3 _req-extfile openssl.cnf

Create a client certificate
    • Generating the client private key

OpenSSL genrsa-out Client-key.pem

    • Generate CSR with private key

OpenSSL Req-new-key client-key.pem-out Client-csr.pem

    • Generate a client certificate

OpenSSL x509-req-ca ca-cert.pem-cakey ca-key.pem-cacreateserial-in client-csr.pem-out Client-cert.pem

HTTPS Server Code 
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {Key:Fs.Readfilesync('./keys/server-key.pem '),Ca: [Fs.Readfilesync('./keys/ca-cert.pem ')],Cert:Fs.Readfilesync('./keys/server-cert.pem '};. Createserver (options,function  (req,res Res.200 Res.< Span class= "PLN" >end ( ' Hello world\n ' listen (3000,
HTTPS Client Code 
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {Hostname:' 127.0.0.1 ',Port:3000,Path:‘/‘,Method:' GET ',Key:Fs.Readfilesync('./keys/client-key.pem '),Cert:Fs.Readfilesync('./keys/client-cert.pem '),Ca: [Fs.Readfilesync('./keys/ca-cert.pem ')],Agent:False};Options.Agent= NewHttps.Agent(Options);VarReq=Https.Request(Options,function(Res){Console.Log("StatusCode:",Res.StatusCode);Console.Log("Headers:",Res.Headers);Res.Setencoding(' Utf-8 ');Res.On(' Data ',function (d console< Span class= "pun". log (d}); req.. On ( ' ERROR ' ,function ( e) { Console. Loge              /span>
Package the Certificate
    • Packaging server-side certificates

OpenSSL pkcs12-export-in server-cert.pem-inkey server-key.pem-certfile ca-cert.pem-out server.pfx

    • Packaging client Certificates

OpenSSL pkcs12-export-in client-cert.pem-inkey client-key.pem-certfile ca-cert.pem-out client.pfx

Server-side code 
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {pFX:Fs.Readfilesync('./keys/server.pfx '),Passphrase:' Your password '}; https.  Createserver(options,function(req,res) { res.  Writehead(N); res.  End(' Hello world\n ');}). Listen("127.0.0.1");
Client code 
VarHttps=Require(' HTTPS ');VarFs=Require(' FS ');VarOptions= {Hostname:' 127.0.0.1 ',Port:3000,Path:‘/‘,Method:' GET ',pFX:Fs.Readfilesync('./keys/server.pfx '),Passphrase:' Your password ',Agent:False};Options.Agent= NewHttps.Agent(Options);VarReq=Https.Request(Options,function(Res){Console.Log("StatusCode:",Res.StatusCode);Console.Log("Headers:",Res.Headers);Res.Setencoding(' Utf-8 ');Res.On(' Data ',function(d) { Console. Logd}); req.. On ( ' ERROR ' ,function ( e) { Console. Loge 
 
 Original address: https://cnodejs.org/topic/54745ac22804a0997d38b32d

[Go] Create a self-signed HTTPS server with node. JS

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
node js error self signed certificate create server in node js https self signed certificate self signed certificate https self signed https node js create file how to enable https in node js

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More