HTTPS客户端证书错误ERR_SSL_SERVER_CERT_BAD_FORMAT [英] HTTPS Client certificate error ERR_SSL_SERVER_CERT_BAD_FORMAT

问题描述

我正在尝试在节点中使用客户端HTTPS证书系统.这是我生成ssl文件的操作:

I'm trying to use a client HTTPS certificate system in node. Here what I did to generate ssl files :

# CA Key and Certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create the Server Key CSR and Certificate
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr

# Self Signing
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the Client Key and CSR
openssl genrsa -aes256 -out client.key 4096
openssl req -new -key client.key -out client.csr

# Sign client certificate
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

# Pack client key and certificate to be used in browsers
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

# Remove password from server key
openssl rsa -in server.key -out server.key.nopwd && mv server.key.nopwd server.key

然后我在node中使用以下代码(使用express):

Then I'm using the following code (using express) in node :

let server = https.createServer({
    key               : fs.readFileSync('./ssl/server.key'),
    cert              : fs.readFileSync('./ssl/server.crt'),
    ca                : fs.readFileSync('./ssl/ca.crt'),
    requestCert       : true,
    rejectUnauthorized: false
}, app);

app 是快速应用程序.然后，我使用 listen 函数.将p12文件添加到Chrome后，当我在此处浏览网站时，出现以下错误:ERR_SSL_SERVER_CERT_BAD_FORMAT

appbeing the express application. I then use listenfunction. After adding the p12 file to Chrome, when I navigate on my website here the error I get : ERR_SSL_SERVER_CERT_BAD_FORMAT

有人可以告诉我我错过了什么吗?

Could someone tell me what I missed ?

注意:当我尝试添加p12文件时，我经常在Chrome中出现错误:未知错误.我不记得我如何设法使其获得ERR_SSL_SERVER_CERT_BAD_FORMAT

Note : I have often error in Chrome when I try to add the p12 file : Unknown Error. I don't remember how I managed to get it working to get ERR_SSL_SERVER_CERT_BAD_FORMAT

推荐答案

事实上，序列号必须是唯一的.cURL不在乎，浏览器在乎.您可以使用:

Fact is, serial number must be unique. cURL doesn't care, browser do. You can use :

# CA Key and Certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create the Server Key CSR and Certificate
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr

# Self Signing
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the Client Key and CSR
openssl genrsa -aes256 -out test.key 4096
openssl req -new -key test.key -out test.csr

# Sign client certificate
openssl x509 -req -days 365 -in test.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out test.crt

# Pack client key and certificate to be used in browsers
openssl pkcs12 -export -clcerts -in test.crt -inkey test.key -out test.p12

# Remove password from server key
openssl rsa -in server.key -out server.key.nopwd && mv server.key.nopwd server.key

这篇关于HTTPS客户端证书错误ERR_SSL_SERVER_CERT_BAD_FORMAT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！