如何使用node.js请求模块使用自己的证书进行SSL调用？ [英] How do I use the node.js request module to make an SSL call with my own certificate?

问题描述

我使用node.js和此请求模块对另一个服务器进行HTTP调用。

I'm using node.js and this request module to make HTTP calls to another server.

https://github.com/mikeal/request

效果非常好。我现在需要修改此代码以通过SSL进行调用，使用我公司的SSL证书。在请求模块的文档中，它说明关于strictSSL选项：

It works great. I now need to modify this code to make the calls over SSL, using my company's SSL certificate. In the request module's docs, it says this about the strictSSL option:

strictSSL - 设置为true以要求SSL证书有效注意：使用自己的证书权限，你需要指定一个代理，使用该ca创建的选项。

"strictSSL - Set to true to require that SSL certificates be valid. Note: to use your own certificate authority, you need to specify an agent that was created with that ca as an option."

这听起来像我需要做的，但我不明白这个短语：指定使用该ca作为选项创建的代理。

This sounds like what I need to do, but I don't understand this phrase: "specify an agent that was created with that ca as an option.".

1）代理是什么意思？
2）如何指定一个代理
3）如何创建代理使用ca作为选项？

1) What do they mean by "an agent"? 2) How do I "specify an agent" 3) How do I create the agent "with that ca as an option"?

代码示例将是惊人的，但任何潜在客户将是有益的。感谢。

A code example would be amazing, but any leads would be helpful. Thanks.

推荐答案

这主要阐述 Peter Lyons的回答，提供了一个例子。

This largely elaborates on Peter Lyons' answer, providing an example.

我假设您要求的域名是通过HTTPS运行的，

I am assuming that you are requesting a domain running over HTTPS with a certificate signed by your own certificate authority (ca).

使用请求库，就像你一样，没有必要自己实例化代理，你可以简单地提供一些 agentOptions 给你的请求。以下是一个示例：

When using the request library, as you do, there is no need to actually instantiate the agent yourself, you can simply provide some agentOptions to the request you are making. The following is an example:

request({
  method: "POST",
  uri: "https://localhost/entries",
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    name: "someEntry"
  }),
  agentOptions: {
    ca: fs.readFileSync("certs/ca.cert.pem")
  }
}, function(error, httpResponse, body) {
  //handle response
});

这里的重要的是 agentOptions 你提供的证书的ca.使用由ca签名的证书的所有域现在被接受。假设某个CA CA1 已签署三个网域： D1 ， D2 和 D3 。将ca设置为 CA1 会允许请求所有域 D1 ， D2 ， D3 D4 由不同的ca签署。

The important thing here is the agentOptions, which you provide the certificate of a ca. All domains using certificates signed by the ca are now accepted. Imagine a ca CA1 has signed three domains, D1, D2, D3. Setting the ca to CA1 results in allowing requests to all of the domains D1, D2, D3 (but not D4 signed by a different ca).

点：certs / ca.cert.pem必须是签名证书颁发机构的证书。

Point being: the "certs/ca.cert.pem" must be the certificate of the signing certificate authority.

这篇关于如何使用node.js请求模块使用自己的证书进行SSL调用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！