如何使用 node.js 请求模块使用我自己的证书进行 SSL 调用? [英] How do I use the node.js request module to make an SSL call with my own certificate?

问题描述

我正在使用 node.js 和这个请求模块对另一台服务器进行 HTTP 调用.

I'm using node.js and this request module to make HTTP calls to another server.

https://github.com/mikeal/request

效果很好.我现在需要修改此代码以使用我公司的 SSL 证书通过 SSL 进行调用.在请求模块的文档中，它说明了 strictSSL 选项:

It works great. I now need to modify this code to make the calls over SSL, using my company's SSL certificate. In the request module's docs, it says this about the strictSSL option:

strictSSL - 设置为 true 以要求 SSL 证书有效.注意:要使用您自己的证书颁发机构，您需要指定使用该 CA 创建的代理作为选项."

"strictSSL - Set to true to require that SSL certificates be valid. Note: to use your own certificate authority, you need to specify an agent that was created with that ca as an option."

这听起来像是我需要做的，但我不明白这句话:指定使用该 ca 创建的代理作为选项.".

This sounds like what I need to do, but I don't understand this phrase: "specify an agent that was created with that ca as an option.".

1) 他们所说的代理"是什么意思?2)如何指定代理"3) 如何以该 ca 作为选项"创建代理?

1) What do they mean by "an agent"? 2) How do I "specify an agent" 3) How do I create the agent "with that ca as an option"?

代码示例会很棒，但任何线索都会有所帮助.谢谢.

A code example would be amazing, but any leads would be helpful. Thanks.

推荐答案

这主要阐述了 Peter Lyons 的回答，提供一个例子.

This largely elaborates on Peter Lyons' answer, providing an example.

我假设您正在请求一个通过 HTTPS 运行的域，并使用由您自己的证书颁发机构 (ca) 签署的证书.

I am assuming that you are requesting a domain running over HTTPS with a certificate signed by your own certificate authority (ca).

当使用请求库时，不需要自己实际实例化代理，您可以简单地为您提出的请求提供一些 agentOptions .下面是一个例子:

When using the request library, as you do, there is no need to actually instantiate the agent yourself, you can simply provide some agentOptions to the request you are making. The following is an example:

request({
  method: "POST",
  uri: "https://localhost/entries",
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    name: "someEntry"
  }),
  agentOptions: {
    ca: fs.readFileSync("certs/ca.cert.pem")
  }
}, function(error, httpResponse, body) {
  //handle response
});

这里重要的是agentOptions，你提供一个CA的证书.现在接受所有使用由 CA 签署的证书的域.想象一个 ca CA1 签署了三个域，D1、D2、D3.将 ca 设置为 CA1 会导致允许对所有域 D1、D2、D3(但不是D4 由不同的 CA 签署).

The important thing here is the agentOptions, which you provide the certificate of a ca. All domains using certificates signed by the ca are now accepted. Imagine a ca CA1 has signed three domains, D1, D2, D3. Setting the ca to CA1 results in allowing requests to all of the domains D1, D2, D3 (but not D4 signed by a different ca).

重点是:"certs/ca.cert.pem" 必须是签名证书颁发机构的证书.

Point being: the "certs/ca.cert.pem" must be the certificate of the signing certificate authority.

这篇关于如何使用 node.js 请求模块使用我自己的证书进行 SSL 调用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！