如何为 https Web 服务器创建 .pem 文件 [英] How to create .pem files for https web server

问题描述

我正在使用 Node.js 中的 Express 框架来创建 Web 服务器.我想使用 ssl 进行网络服务器的连接.

I'm using the Express framework in Node.js to create a web server. I want to use ssl for the web server's connection.

创建 https 网络服务器的代码如下.

The code to create the https web server is as below.

var app = express.createServer({
  key: fs.readFileSync('./conf/key.pem'),
  cert: fs.readFileSync('./conf/cert.pem')
});
module.exports = app;

问题:express需要的key.pem和cert.pem如何创建?

Question: How to create the key.pem and cert.pem required by express?

推荐答案

您需要的两个文件是 PEM 编码的 SSL 证书和私钥.PEM 编码的证书和密钥是 Base64 编码的文本，带有类似于 -----BEGIN RSA PRIVATE KEY----- 或类似的开始/结束分隔符.

The two files you need are a PEM encoded SSL certificate and private key. PEM encoded certs and keys are Base64 encoded text with start/end delimiters that look like -----BEGIN RSA PRIVATE KEY----- or similar.

要创建 SSL 证书，您首先需要生成一个私钥和一个证书签名请求，或 CSR(其中也包含您的公钥).您可以通过多种方式完成此操作，但以下是 OpenSSL 中的方法.

To create an SSL certificate you first need to generate a private key and a certificate signing request, or CSR (which also contains your public key).You can do this in a variety of ways, but here's how in OpenSSL.

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

这将导致您输入交互式提示以生成 2048 位 RSA 私钥和包含您选择在提示中输入的所有信息的 CSR.(注意:Common Name 是您想要放置用于访问您的网站的域名的地方.)完成此操作后，您通常会将此 CSR 提交给受信任的证书授权，一旦他们验证了您的请求，您就会收到证书.

This will cause you to enter an interactive prompt to generate a 2048-bit RSA private key and a CSR that has all the information you choose to enter at the prompts. (Note: Common Name is where you'll want to put the domain name you'll be using to access your site.) Once you've done this you would normally submit this CSR to a trusted certificate authority and once they've validated your request you would receive a certificate.

如果您不关心您的证书是否可信(通常是出于开发目的)，您可以创建一个自签名证书.为此，我们可以使用几乎相同的行，但我们将传递两个额外的参数.

If you don't care about your certificate being trusted (usually the case for development purposes) you can just create a self-signed certificate. To do this, we can use almost the same line, but we'll pass two extra parameters.

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

这将为您提供可在您发布的代码片段中使用的证书(有效期为 10 年)和密钥对.

This will give you a cert (valid for 10 years) and key pair that you can use in the code snippet you posted.

这篇关于如何为 https Web 服务器创建 .pem 文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！