使用自签名证书
我用它来生成 .crt 和 .key 文件:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout example.key -out example.crt -subj "/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:www.example.net,IP:127.0.0.1"
我有这个 node.js 代码:
var https = require('https');
var fs = require('fs');
var privateKey = fs.readFileSync('sslcert/example.key', 'utf8');
var certificate = fs.readFileSync('sslcert/example.crt', 'utf8');
var credentials = { key: privateKey, cert: certificate };
var express = require('express');
var app = express();
httpsServer.listen(8443);
我可以使用 Postman 并使用 8443 端口获取响应。 当我使用浏览器时,出现此错误:
127.0.0.1:8443 uses an invalid security certificate.
The certificate does not come from a trusted source.
我在 Windows 计算机上安装了 .crt 文件。我还尝试将 .crt 文件导入到 Firefox。当我尝试将其导入“您的证书”下时,出现此错误:
This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.
当我将其导入“权威”时,它可以工作。为什么?我的自签名证书充当 CA?
I used this to generate .crt and .key files:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout example.key -out example.crt -subj "/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:www.example.net,IP:127.0.0.1"
I have this node.js code:
var https = require('https');
var fs = require('fs');
var privateKey = fs.readFileSync('sslcert/example.key', 'utf8');
var certificate = fs.readFileSync('sslcert/example.crt', 'utf8');
var credentials = { key: privateKey, cert: certificate };
var express = require('express');
var app = express();
httpsServer.listen(8443);
I could use Postman and get the response using the 8443 port.
When I use the browser, I get this error:
127.0.0.1:8443 uses an invalid security certificate.
The certificate does not come from a trusted source.
I installed the .crt file on my Windows machine. I also tried to import the .crt file to Firefox. When I try to import it under "Your certificates" I get this error:
This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.
When I import it to "Authorities" it works. Why? My self signed certificate acts as a CA?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论