admin管理员组

文章数量:1312773

I`m trying to make client authorization with self-signed .

First, i`m creating certificates:

CA certificate

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Server certificate

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Client sertificate

openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Convert client certificate to p12

openssl pkcs12 -export -in client.crt -inkey client.key -name "My cert" -out client.p12

Open and install p12 certificate open client.p12

My node.js server (using express.js)

var express = require('express')
    , routes = require('./routes')
    , user = require('./routes/user')
    , http = require('http')
    , path = require('path')
    , https = require('https')
    , fs = require('fs');

var app = express();

app.configure(function () {
    app.set('port', process.env.PORT || 3000);
    app.set('views', __dirname + '/views');
    app.set('view engine', 'ejs');
    app.use(express.favicon());
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    app.use(app.router);
    app.use(express.static(path.join(__dirname, 'public')));
});

app.configure('development', function () {
    app.use(express.errorHandler());
});

app.get('/', function(req, res) {
    console.log(req.client.authorized);
    res.send(req.client.authorized)
});

var options = {
    key:fs.readFileSync('ssl/server.key'),
    cert:fs.readFileSync('ssl/server.crt'),
    ca:[fs.readFileSync('ssl/ca.crt')],
    requestCert:true,
    rejectUnauthorized:false,
    passphrase: 'passphrase',
    agent: false
    };

    https.createServer(options,app).listen(app.get('port'), function () {
        console.log("Express server listening on port " + app.get('port'));
    });

When servers is running, i open https://localhost:3000 in Chrome, but authentication do not pass: req.client.authorized is false

Chrome message is

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

Where is my mistake?

I`m trying to make client authorization with self-signed .

First, i`m creating certificates:

CA certificate

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Server certificate

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Client sertificate

openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Convert client certificate to p12

openssl pkcs12 -export -in client.crt -inkey client.key -name "My cert" -out client.p12

Open and install p12 certificate open client.p12

My node.js server (using express.js)

var express = require('express')
    , routes = require('./routes')
    , user = require('./routes/user')
    , http = require('http')
    , path = require('path')
    , https = require('https')
    , fs = require('fs');

var app = express();

app.configure(function () {
    app.set('port', process.env.PORT || 3000);
    app.set('views', __dirname + '/views');
    app.set('view engine', 'ejs');
    app.use(express.favicon());
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    app.use(app.router);
    app.use(express.static(path.join(__dirname, 'public')));
});

app.configure('development', function () {
    app.use(express.errorHandler());
});

app.get('/', function(req, res) {
    console.log(req.client.authorized);
    res.send(req.client.authorized)
});

var options = {
    key:fs.readFileSync('ssl/server.key'),
    cert:fs.readFileSync('ssl/server.crt'),
    ca:[fs.readFileSync('ssl/ca.crt')],
    requestCert:true,
    rejectUnauthorized:false,
    passphrase: 'passphrase',
    agent: false
    };

    https.createServer(options,app).listen(app.get('port'), function () {
        console.log("Express server listening on port " + app.get('port'));
    });

When servers is running, i open https://localhost:3000 in Chrome, but authentication do not pass: req.client.authorized is false

Chrome message is

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

Where is my mistake?

  • javascript
  • node.js
  • http
  • ssl
  • openssl
Share Improve this question asked Jan 17, 2013 at 16:44 AshotAshot 6401 gold badge6 silver badges14 bronze badges
Add a ment  | 

2 Answers 2

Reset to default 3

Server URL is matched against the Common Name part of the server certificate.

When you create the server certificate request, remember to put the host name of your server to the Common Name part. If you are just testing locally (using https://localhost as an address) use localhost as Common Name.

With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() to obtain the client's authentication details.

http://nodejs/api/http.html#http_request_connection

本文标签: javascriptClient ssl authorization on nodejsStack Overflow

版权声明:本文标题:javascript - Client ssl authorization on node.js - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741899873a2403803.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。