使用 X509 证书请求 [英] Request with X509 Certificate
问题描述
我已收到 X509 证书(一个 .cer 文件),我可以解码 它,所以没有问题.现在我想在节点中使用此证书签署请求,但我无法使其正常工作:
I have received a X509 certificate (one .cer file), I can decode it, so no problems on that. Now I want to sign a request with this certificate in node, but I can't get this to work:
var https = require("https");
var fs = require("fs");
var options = {
host: 'management.core.windows.net',
path: '/my-subscription-id/services/hostedservices',
port: 443,
method: 'GET',
cert: fs.readFileSync("./SSLDevCert.cer"),
agent: false
};
var req = https.request(options, function(res) {
console.log("statusCode: ", res.statusCode);
console.log("headers: ", res.headers);
res.on('data', function(d) {
process.stdout.write(d);
});
});
这失败了
错误:错误:0906D06C:PEM 例程:PEM_read_bio:没有起始行
在 Object.createCredentials (crypto.js:72:31)
在 Object.connect (tls.js:857:27)
在 Agent._getConnection (https.js:61:15)
在 Agent._establishNewConnection (http.js:1183:21)
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.createCredentials (crypto.js:72:31)
at Object.connect (tls.js:857:27)
at Agent._getConnection (https.js:61:15)
at Agent._establishNewConnection (http.js:1183:21)
在 C# 中做同样的工作很好:
Doing the same in C# works fine:
var req = (HttpWebRequest)WebRequest.Create(string.Format("https://management.core.windows.net/{0}/services/hostedservices", "my-subscription-id"));
req.ClientCertificates.Add(new X509Certificate2(File.ReadAllBytes("./SSLDevCert.cer"));
var resp = req.GetResponse();
推荐答案
对此的跟进:
仅 .cer 文件可能意味着私钥在证书中(Azure 证书就是这种情况),您必须在 PEM 中进行转换文件(以 ----BEGIN RSA PRIVATE KEY---- 开头),然后使用:
Only .cer file probably means that the private key is in the certificate (well that's the case with the Azure certs), you will have to transform in a PEM file (that starts with ----BEGIN RSA PRIVATE KEY----) and then do a request with:
var key = fs.readFileSync("./key.pem");
var options = {
cert: key,
key: key
}
从文件中获取私钥可能有点棘手,但这适用于 Azure 证书,因此它可能对你们中的任何人有所帮助:
Getting the private key from the file can be a bit tricky, but this worked on Azure certificates, so it might help any of you:
openssl pkcs12 -in ' + file + ' -nodes -passin pass:
(注意空参数)
这篇关于使用 X509 证书请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
