nodejs - 证书链中的错误自签名证书 [英] nodejs - error self signed certificate in certificate chain
问题描述
我遇到了客户端 https 请求的问题.
I am facing a problem with client side https requests.
一个片段可以是这样的:
A snippet can look like this:
var fs = require('fs');
var https = require('https');
var options = {
hostname: 'someHostName.com',
port: 443,
path: '/path',
method: 'GET',
key: fs.readFileSync('key.key'),
cert: fs.readFileSync('certificate.crt')
}
var requestGet = https.request(options, function(res){
console.log('resObj', res);
}
我得到的是错误:证书链中的自签名证书.
What I get is Error: self signed certificate in certificate chain.
当我使用 Postman 时,我可以导入客户端证书和密钥并毫无问题地使用它.有什么解决办法吗??我还想了解邮递员如何处理证书和工作.
When I use Postman I can import the client certificate and key and use it without any problem. Is there any solution available?? I would also like to be given some lights on how postman handles the certificates and works.
推荐答案
选项 1:禁用警告(对开发人员有用)
根据您的问题,我猜您正在开发中这样做,因为您使用自签名证书进行 SSL 通信.
Option 1: Disable the warning (useful for dev)
From your question I'm guessing you are doing this in development as you are using a self signed certificate for SSL communication.
如果是这种情况,请在运行 node 的任何地方添加为环境变量
If that's the case, add as an environment variable wherever you are running node
export NODE_TLS_REJECT_UNAUTHORIZED='0'
node app.js
或者直接用
NODE_TLS_REJECT_UNAUTHORIZED='0' node app.js
这会指示 Node 允许不受信任的证书(不受信任 = 未经证书颁发机构验证)
This instructs Node to allow untrusted certificates (untrusted = not verified by a certificate authority)
如果您不想设置环境变量或需要为多个应用程序执行此操作,npm 有一个 strict-ssl
配置,您可以将其设置为 false
If you don't want to set an environment variable or need to do this for multiple applications npm has a strict-ssl
config you set to false
npm config set strict-ssl=false
选项 2:加载 CA 证书,如邮递员(用于 TLS 测试)
如果您已经像@kDoyle 提到的海报一样拥有 CA 证书,那么您可以在每个请求中进行配置(感谢@nic ferrier).
Option 2: Load in CA cert, like postman (useful for testing with TLS)
If you have a CA cert already like the poster @kDoyle mentioned then you can configure in each request (thanks @nic ferrier).
let opts = {
method: 'GET',
hostname: "localhost",
port: listener.address().port,
path: '/',
ca: fs.readFileSync("cacert.pem")
};
https.request(opts, (response) => { }).end();
选项 3:使用来自可信来源的正确 SSL 证书(对生产有用)
letsencrypt.org 是免费的,易于设置并且密钥可以自动轮换.https://letsencrypt.org/docs/
这篇关于nodejs - 证书链中的错误自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!