Create a trusted self-signed SSL cert for localhost (for use with Express/Node)


Problem description


    Trying to follow various instructions on creating a self-signed cert for use with localhost. Most of the instructions seem to be for IIS, but I'm trying to use Nodejs/Express. None of them work properly because while the cert gets installed, it is not trusted. Here's what I've tried that fails:

    Can someone offer a workflow that can do this? I can get a cert installed, but I can't get the cert to be trusted in either Chrome (v32) or IE (v10).

    EDIT: it was suggested in comments that the problem is no trusted cert-root. I installed the cert via IE but it's still not being trusted.

    Solution

    The answers above were partial. I've spent so much time getting this working, it's insane. Note to my future self, here is what you need to do:

    I'm working on Windows 10, with Chrome 65. Firefox is behaving nicely - just confirm localhost as a security exception and it will work. Chrome doesn't:

    Step 1. In your backend, create a folder called security. We will work inside it.

    Step 2. create a request config file named req.cnf with the following content (credit goes to: @Anshul)

    req.cnf :

    [req]
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no
    [req_distinguished_name]
    C = US  # two-letter country initials like US, RO, GE
    ST = State
    L = Location
    O = Organization Name
    OU = Organizational Unit 
    CN = www.localhost.com
    [v3_req]
    keyUsage = critical, digitalSignature, keyAgreement
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = www.localhost.com
    DNS.2 = localhost.com
    DNS.3 = localhost
    

    An explanation of these fields is here.

    Step 3. navigate to the security folder in the terminal and type the following command :

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.pem -config req.cnf -sha256

    Step 4. then outside of security folder, in your express app do something like this: (credit goes to @Diego Mello)

    backend 
     /security
     /server.js
    

    server.js:

    const express = require('express')
    const app = express()
    const https = require('https')
    const fs = require('fs')
    const port = 3000
    
    app.get('/', (req, res) => {
        res.send("IT'S WORKING!")
    })
    
    const httpsOptions = {
        key: fs.readFileSync('./security/cert.key'),
        cert: fs.readFileSync('./security/cert.pem')
    }
    const server = https.createServer(httpsOptions, app)
        .listen(port, () => {
            console.log('server running at ' + port)
        })
    

    Step 5. start the server, node server.js, and go to https://localhost:3000.

    At this point we have the server setup. But the browser should show a warning message.

    We need to register our self-signed certificate, as a CA trusted Certificate Authority, in the Chrome/Windows certificate store. (Chrome also saves this in Windows.)

    Step 6. open Dev Tools in chrome, go to Security panel, then click on View Certificate.

    Step 7. go to Details panel, click Copy File, then when the Certificate Export Wizard appears, click Next as below:

    Step 8. leave DER encoding, click next, choose Browse, put it in an easy to access folder like Desktop, and name the certificate localhost.cer, then click Save and then Finish. You should be able to see your certificate on Desktop.

    Step 9. Open chrome://settings/ by inserting it in the url box. Down below, click on Advanced / Advanced Options, then scroll down to find Manage Certificates.

    Step 10. Go to Trusted Root Certification Authorities panel, and click import.

    We will import the localhost.cer certificate we just finished exporting in step 8.

    Step 11. click browse, find the localhost.cer, leave the default values, click next a bunch of times - until this warning appears, click yes.

    Step 12. close everything, and restart chrome. Then, when going to https://localhost:3000 you should see:
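
Added example (not part of the original answer): a shell function that generates the certificate from the answer's req.cnf in a scratch directory and checks which names it actually covers before it is imported into a trust store. The function name and the DN values (US, Local Development) are placeholders chosen here, and the openssl command-line tool is assumed to be installed.

```shell
# Added example, not from the original answer. DN values and the function
# name are placeholders; requires the openssl CLI.
check_localhost_cert() {
    dir=$(mktemp -d) || return 2
    status=0
    (
        cd "$dir" || exit 2
        umask 077   # -nodes leaves cert.key unencrypted: keep it owner-only
        cat > req.cnf <<'EOF'
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
O = Local Development
CN = www.localhost.com
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.localhost.com
DNS.2 = localhost.com
DNS.3 = localhost
EOF
        # Same command as Step 3 of the answer.
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key \
            -out cert.pem -config req.cnf -sha256 2>/dev/null || exit 2
        # The name typed in the browser must appear in subjectAltName.
        openssl x509 -in cert.pem -noout -checkhost localhost \
            | grep -q 'does match' || exit 1
        # [alt_names] has no IP entry, so https://127.0.0.1:3000 will not match.
        openssl x509 -in cert.pem -noout -checkip 127.0.0.1 \
            | grep -q 'does NOT match' || exit 1
        # cert.pem and cert.key must carry the same public key.
        [ "$(openssl x509 -in cert.pem -noout -pubkey)" = \
          "$(openssl pkey -in cert.key -pubout)" ] || exit 1
    ) || status=$?
    rm -rf "$dir"
    return "$status"
}
```

Call `check_localhost_cert` after defining it: exit status 0 means every check passed, 1 means a name or key check failed, and 2 means certificate generation itself failed.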
