如何将自定义证书颁发机构 (CA) 添加到 nodejs [英] How to add custom certificate authority (CA) to nodejs

问题描述

我正在使用 CLI 工具来构建混合移动应用程序，该应用程序具有很酷的上传功能，因此我可以在设备上测试该应用程序，而无需通过应用程序商店(它是 ionic-cli).但是，在我的公司中，与许多其他公司一样，TLS 请求是使用公司自己的自定义 CA 证书重新签名的，该证书位于我的机器上的钥匙串 (OS X) 中.但是，nodejs 不使用钥匙串来获取其要信任的 CA 列表.我不控制 ionic-cli 应用程序，所以我不能简单地将 { ca: } 属性传递给 https 模块.我也可以看到这是我无法控制的任何节点应用程序的问题.是否可以告诉 nodejs 信任 CA?

I'm using a CLI tool to build hybrid mobile apps which has a cool upload feature so I can test the app on a device without going through the app store (it's ionic-cli). However, in my company like so many other companies TLS requests are re-signed with the company's own custom CA certificate which I have on my machine in the keychain (OS X). However, nodejs does not use the keychain to get its list of CA's to trust. I don't control the ionic-cli app so I can't simply pass in a { ca: } property to the https module. I could also see this being a problem for any node app which I do not control. Is it possible to tell nodejs to trust a CA?

我不确定这是否属于信息安全或任何其他交易所...

I wasn't sure if this belonged in Information Security or any of the other exchanges...

推荐答案

Node.js 7.3.0(以及 LTS 版本 6.10.0 和 4.8.0)添加了 NODE_EXTRA_CA_CERTS 环境变量，供您传递 CA 证书文件.这比使用 NODE_TLS_REJECT_UNAUTHORIZED 禁用证书验证更安全.

Node.js 7.3.0 (and the LTS versions 6.10.0 and 4.8.0) added NODE_EXTRA_CA_CERTS environment variable for you to pass the CA certificate file. It will be safer than disabling certificate verification using NODE_TLS_REJECT_UNAUTHORIZED.

$ export NODE_EXTRA_CA_CERTS=[your CA certificate file path]

这篇关于如何将自定义证书颁发机构 (CA) 添加到 nodejs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！