node.js我可以为同一个项目使用多个ssl证书和密钥吗? [英] node.js can i use multiple ssl certificates and keys for same project and how?
问题描述
i have my paypal ssl certificate for the paypal ipn added for my code like that and it working without any problems
var httpsOptions = {
key: fs.readFileSync('./app/certsandkeys/my-prvkey.pem'),
cert: fs.readFileSync('./app/certsandkeys/my-pubcert.pem'),
requestCert: true
//pfx: fs.readFileSync('./app/certsandkeys/ssl/crt.pfx'),
//passphrase:"password"
}
https.createServer(httpsOptions, app).listen(443,function (req,res) {
console.log("server listening on port " + 443);
});
但是我现在需要认证整个站点,因此我使用openssl(server.crt和server.csr和server.key)创建了一个ssl证书和密钥,但是现在我不知道如何在贝宝ipn证书和httpsOptions上的密钥
but what i need now is to certificating my whole site so i created an ssl cert and key using openssl (server.crt and server.csr and server.key ) but now i don't know how to add it beside the paypal ipn cert and key on httpsOptions
我发现的唯一类似内容是来自 github问题的代码
the only thing i found about something like that is this code from github issues
var options = {
key: [key1, key2],
cert: [cert1, cert2],
ca: caCert
};
var server = https.createServer(options);
那么正确的做法是什么?
so what's the right way for doing that ?
推荐答案
在同一服务器上使用不同的密钥由服务器名称指示(SNI)处理,并且对于不同的服务器要求使用不同的域名. 此问题显示了如何使用SNI来创建不同的第二个域名的安全上下文.
Using different keys on the same server is handled by Server Name Indication (SNI) and requires different domain names for the different servers. This question shows how SNI would be used to create a different security context for the second domain name.
在默认上下文中更改键的代码应如下所示:
Changing that code for a key in the default context should look something like this:
const secondContext = tls.createSecureContext({
key: [key2],
cert: [cert2]
});
const options = {
key: [key1],
cert: [cert1],
SNICallback: function (domain, cb) {
if (domain === 'key2domain.example.com') {
cb(null, secondContext);
} else {
cb();
}
}
}
从所指的贝宝文档中尚不清楚,贝宝是否正在为该IPN服务URL设置备用域.取而代之的是,他们的过程似乎接受了CSR来处理仅用于IPN的自签名证书,并提供对其进行付费签名以将其用于用户可见的按钮,即他们提供了自己的CA服务?
It's not clear from the paypal docs you refer to whether paypal is having you set up an alternate domain for this IPN service URL. Instead, it looks like their process accepts a CSR to handle self-signed certs for IPN-only use and offers a payed signing of it to use it for user visible buttons, i.e. they offer their own CA service?
您可以在同一密钥上提交多个CSR,因此您可以尝试依赖单个私钥,并保持普通CA的证书链.但是,如果他们强制使用自己的证书链,那么您可能需要为此创建一个单独的(子)域,以为SNI提供不同的链.
You can submit multiple CSRs on the same key, so you could try relying on a single private key and keep a certificate chain from a normal CA. But if they enforce usage of their own certificate chain, then you will probably need to create a separate (sub)domain for this usage to provide different chains with SNI.
这篇关于node.js我可以为同一个项目使用多个ssl证书和密钥吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
