Node.js - Using https.request() with an internal CA


Problem description

How do I get https.request() to trust my internally-signed server certificate? Here is a quick example of the code I'm running in v0.10.25:

var options = {
     hostname: 'encrypted.mydomain.local',
     port: 443,
     path: '/',
     method: 'GET'
};

var https = require('https')
https.request(options)

I'm running this on a Windows system which has my internal root CA trusted at the system level, but whenever I make a request like this I get the exception:

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: CERT_UNTRUSTED
    at SecurePair.<anonymous> (tls.js:1370:32)
    at SecurePair.EventEmitter.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:982:10)
    at CleartextStream.read [as _read] (tls.js:469:13)
    at CleartextStream.Readable.read (_stream_readable.js:320:10)
    at EncryptedStream.write [as _write] (tls.js:366:25)
    at doWrite (_stream_writable.js:223:10)
    at writeOrBuffer (_stream_writable.js:213:5)
    at EncryptedStream.Writable.write (_stream_writable.js:180:11)
    at write (_stream_readable.js:583:24)

For a little more detail, this is all happening inside of the node-atlassian-crowd module I'm attempting to use for authentication.

Recommended answer

You need to add a ca: cafile.pem line to your options. See http://nodejs.org/api/https.html#https_https_request_options_callback for more details.

The relevant part:

The following options from tls.connect() can also be specified. However, a globalAgent silently ignores these.

pfx: Certificate, Private key and CA certificates to use for SSL. Default null.

key: Private key to use for SSL. Default null.

passphrase: A string of passphrase for the private key or pfx. Default null.

cert: Public x509 certificate to use. Default null.

ca: An authority certificate or array of authority certificates to check the remote host against.

During application startup, read in the CA's certificate file with something like var casigningcert = fs.readFileSync('keys/ca-certsigning-cert.pem') and then consume it later in your options, which should then look something like:

var options = {
  hostname: 'encrypted.mydomain.local',
  port: 443,
  path: '/',
  method: 'GET',
  ca: casigningcert
};
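The approach from the answer, wired up end to end as an added example (not code from the original question or answer). The helper names splitPemBundle, withInternalCa and get are hypothetical. Setting ca replaces Node's built-in root list, so public roots are appended only when includePublicRoots is set.

```javascript
const https = require('https');
const tls = require('tls');

// Split a PEM bundle (string or Buffer) into one string per certificate,
// so a root plus intermediates can be passed to `ca` as an array.
function splitPemBundle(pem) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;
  const certs = String(pem).match(re) || [];
  if (certs.length === 0) throw new Error('no CERTIFICATE blocks found in CA bundle');
  return certs;
}

// Build request options that trust the internal CA while keeping certificate
// verification on. The caller's `base` object is not modified.
function withInternalCa(base, caPem, opts) {
  if (base.rejectUnauthorized === false) {
    throw new Error('rejectUnauthorized:false disables verification; use ca instead');
  }
  const ca = splitPemBundle(caPem);
  if (opts && opts.includePublicRoots) ca.push(...(tls.rootCertificates || []));
  // A dedicated Agent carries the TLS options, so they do not depend on the
  // globalAgent, which the documentation quoted above says ignores them.
  const agent = new https.Agent({ ca: ca });
  return Object.assign({}, base, { ca: ca, agent: agent });
}

// Issue the request. TLS failures such as CERT_UNTRUSTED are delivered to the
// callback instead of surfacing as an unhandled 'error' event.
function get(options, done) {
  const req = https.request(options, (res) => {
    res.resume();
    done(null, res.statusCode, res.socket.authorized);
  });
  req.on('error', done);
  req.end();
  return req;
}

// Startup wiring, using the hostname and file path from the page:
// const options = withInternalCa(
//   { hostname: 'encrypted.mydomain.local', port: 443, path: '/', method: 'GET' },
//   require('fs').readFileSync('keys/ca-certsigning-cert.pem'));
// get(options, (err, status) => console.log(err ? (err.code || err.message) : status));
```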
