Node.js https pem error: error:0906D06C:PEM routines:PEM_read_bio:no start line


Problem description

I got these files from the Certificate Authority:

  • domain.com.p7b
  • domain.com.crt
  • domain.com.ca-bundle

I tried this little code:

var express = require('express');
var app = express();
var fs = require("fs");
var https = require('https');

var privateKey = fs.readFileSync('domain.com.p7b').toString();
var certificate = fs.readFileSync('domain.com.crt').toString();
var ca_bundle = fs.readFileSync('domain.com.ca-bundle').toString();

var credentials = { key: privateKey,
                    ca: ca_bundle,
                    cert: certificate };

https.createServer(credentials,app).listen(8080, function () {
    console.log('Example app listening on port 8080!');
});

After starting the script, I get the following error:

(err):     at Object.createSecureContext (_tls_common.js:87:19)
(err):     at Server (_tls_wrap.js:721:25)
(err):     at new Server (https.js:17:14)
(err):     at Object.exports.createServer (https.js:37:10)
(err):     at Object.<anonymous> (/utec_temp/https/web.js:27:7)
(err):     at Module._compile (module.js:435:26)
(err):     at Object.Module._extensions..js (module.js:442:10)
(err):     at Module.load (module.js:356:32)
(err):     at Function.Module._load (module.js:311:12)
(err): Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
(err):     at Error (native)
(err):     at Object.createSecureContext (_tls_common.js:87:19)
(err):     at Server (_tls_wrap.js:721:25)
(err):     at new Server (https.js:17:14)
(err):     at Object.exports.createServer (https.js:37:10)
(err):     at Object.<anonymous> (/utec_temp/https/web.js:27:7)
(err):     at Module._compile (module.js:435:26)
(err):     at Object.Module._extensions..js (module.js:442:10)
(err):     at Module.load (module.js:356:32)
(err):     at Function.Module._load (module.js:311:12)

All the examples on Google use self-signed certificates, but what happens when I need to work in a real environment?

My little code works in development with self-signed keys, following this example:

I researched and I found this:

But I could not fix the error.

I also reduced it to a single file:

var credentials = {cert: certificate};      

And the error is the same. So I thought that maybe it is a format error from when I moved these certificates from Windows to Unix. I used the dos2unix tool and the error is the same.

My node version is 4.4.7

Any help is appreciated.

Thanks in advance!

When you are working with https certificates, domains or subdomains, forget the technology used to develop the application.

Node.js, Java, Python and other languages have libraries to publish secure endpoints with https. This is achieved by manually loading your purchased or self-signed certificates. This works, but this is not the right way due to.

For example: the development team will have problems starting up the application, because the source code needs the certificates and other configurations. Deployment on testing will need specific certificates, etc.

For a clean, maintainable and scalable architecture, and following the pattern separation of concerns (SoC), DON'T MODIFY YOUR SOURCE CODE and leave this work or complexity to apache, nginx, haproxy, aws elb or some load balancer & router:

apache 2.2 example

SSLCertificateFile /some/folder/certificate.crt
SSLCertificateKeyFile /some/folder/initial.key
SSLCertificateChainFile /some/folder/certificate.ca-bundle

nginx example

server {

  listen   443;

  ssl    on;
  ssl_certificate       /etc/ssl/your_domain_name.pem; # or bundle.crt
  ssl_certificate_key   /etc/ssl/your_domain_name.key;

  server_name your.domain.com;
  ...

}

This kind of complexity must be transparent for the development team and should be managed by sysadmin, infrastructure or other teams related to the networks of your company.

Recommended answer

I'm a little late but I hope this helps.

If someone has worked with these files: p7b, crt, ca-bundle and has this error:

error:0906D06C:PEM routines:PEM_read_bio:no start line

This would mean that these files are wrong, corrupt or were requested for other environments (Windows for example), as this post says: https://serverfault.com/a/317038

So the solution in my case was to request new certificates, and in the specifications I put the following:

  • Linux compatibility

Also, it is important to save the private key with which the CSR was created and sent to the certificate provider (I called it initial.key).

Example: http://www.backwardcompatible.net/155-设置-真实-SSL-Nodejs-Express

Finally, your provider will send you a zip with several files. You only need a .crt file for your node app:

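var fs = require('fs');
// initial.key: the private key the CSR was created with; certificate.crt: sent by the provider
var privateKey = fs.readFileSync('/some/folder/initial.key').toString();
var certificate = fs.readFileSync('/some/folder/certificate.crt').toString();
var credentials = {key: privateKey, cert: certificate};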

Note: certificate.ca-bundle and certificate.crt files must be sent by the certificate provider.

HTH
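
A pre-flight check for the mismatch discussed on this page, as an added example that is not part of the original question or answers: it reads the PEM armor of each input and reports when the `key`, `cert` or `ca` option is given something else, such as a PKCS#7 `.p7b` bundle (which holds certificates, not a private key) or DER binary. The function names, the accepted label lists and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example. Only the PEM armor lines are inspected; nothing is decoded or verified.
// Label lists are this sketch's assumption of what each https option should carry.
const KEY_LABELS = ['PRIVATE KEY', 'RSA PRIVATE KEY', 'EC PRIVATE KEY', 'ENCRYPTED PRIVATE KEY'];
const CERT_LABELS = ['CERTIFICATE'];
const EXPECTED = { key: KEY_LABELS, cert: CERT_LABELS, ca: CERT_LABELS };

// Return the label of every "-----BEGIN <label>-----" line (LF or CRLF endings).
function pemLabels(data) {
  const text = Buffer.isBuffer(data) ? data.toString('latin1') : String(data);
  const labels = [];
  const re = /^-----BEGIN ([A-Z0-9 ]+)-----\r?$/gm;
  let m;
  while ((m = re.exec(text)) !== null) labels.push(m[1]);
  return labels;
}

// Describe the content: PEM labels, or a hint about why there is no start line.
function describe(data) {
  const labels = pemLabels(data);
  if (labels.length > 0) return labels;
  // Heuristic: 0x30 is the ASN.1 SEQUENCE tag that DER-encoded objects start with.
  return Buffer.from(data)[0] === 0x30 ? ['DER binary'] : ['no PEM start line'];
}

// Return one message per option whose content is not what that option expects.
function checkCredentials(files) {
  const problems = [];
  for (const [option, data] of Object.entries(files)) {
    const bad = describe(data).filter((label) => !EXPECTED[option].includes(label));
    if (bad.length > 0) {
      problems.push(`${option}: found ${bad.join(', ')}; expected ${EXPECTED[option][0]}`);
    }
  }
  return problems;
}

// Constructed sample inputs: the armor is real PEM syntax, the body is a placeholder.
const armor = (label) => `-----BEGIN ${label}-----\nQ09OU1RSVUNURUQ=\n-----END ${label}-----\n`;
const p7bPem = armor('PKCS7');                        // a .p7b exported as PEM
const p7bDer = Buffer.from([0x30, 0x82, 0x01, 0x0a]); // a .p7b exported as DER
const crt = armor('CERTIFICATE');
const bundle = crt + crt;

console.log(checkCredentials({ key: p7bPem, cert: crt, ca: bundle })); // question's mapping
console.log(checkCredentials({ key: p7bDer, cert: crt }));
console.log(checkCredentials({ key: armor('PRIVATE KEY'), cert: crt })); // answer's mapping
```

In a server, the inputs would be the buffers returned by `fs.readFileSync` for each path, checked before `https.createServer` is called.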
