如何为 https 网络服务器创建.pem 文件

我正在使用 Node.js 中的 Express 框架来创建一个 Web 服务器。我想使用 ssl 的网络服务器的连接。

创建 https Web 服务器的代码如下所示。

var app = express.createServer({
key: fs.readFileSync('./conf/key.pem'),
cert: fs.readFileSync('./conf/cert.pem')
});
module.exports = app;

问: 如何创建 Express 所需的 key.pem 和 cert.pem?

100658 次浏览
小开
最佳答案

The two files you need are a PEM encoded SSL certificate and private key. PEM encoded certs and keys are Base64 encoded text with start/end delimiters that look like -----BEGIN RSA PRIVATE KEY----- or similar.

To create an SSL certificate you first need to generate a private key and a certificate signing request, or CSR (which also contains your public key).You can do this in a variety of ways, but here's how in OpenSSL.

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

This will cause you to enter an interactive prompt to generate a 2048-bit RSA private key and a CSR that has all the information you choose to enter at the prompts. (Note: Common Name is where you'll want to put the domain name you'll be using to access your site.) Once you've done this you would normally submit this CSR to a trusted certificate authority and once they've validated your request you would receive a certificate.

If you don't care about your certificate being trusted (usually the case for development purposes) you can just create a self-signed certificate. To do this, we can use almost the same line, but we'll pass two extra parameters.

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

This will give you a cert (valid for 10 years) and key pair that you can use in the code snippet you posted.

小开

Just follow this procedure :

  1. create the folder where you want to store your key & certificate :

    mkdir conf

  1. go to that directory :

    cd conf

  1. grab this ca.cnf file to use as a configuration shortcut :

    wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf

  1. create a new certificate authority using this configuration :

    openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem

  1. now that we have our certificate authority in ca-key.pem and ca-cert.pem, let's generate a private key for the server :

    openssl genrsa -out key.pem 4096

  1. grab this server.cnf file to use as a configuration shortcut :

    wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf

  1. generate the certificate signing request using this configuration :

    openssl req -new -config server.cnf -key key.pem -out csr.pem

  1. sign the request :

    openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem

I found this procedure here, along with more information on how to use these certificates.

小开

An alternative is to generate the certificates with the pem library using the createCertificate method of the class.

The process would be as follows:

Install openssl in your system if not there already, for instance for windows 10 the a compiled version of the sources (seems like the most open one) can be found here: https://curl.se/windows/ the explanations of how it is compiled and safeguarded are here: https://wiki.openssl.org/index.php/Binaries. For the source https://www.openssl.org/community/binaries.html For windows, you may want to add the diretory of the openssl.bin file to the system environment path variable (https://www.architectryan.com/2018/08/31/how-to-change-environment-variables-on-windows-10/) or pass the location of the file to the PEM library.

Instal pem using (documentation here: https://github.com/Dexus/pem

npm i pem

at the command line at the root of the server.

From the documentation you can see that a simple https server with the keys can be created simply by:

const https = require('https')
const pem = require('pem')


pem.createCertificate({ days: 1, selfSigned: true }, (err, keys) => {
if (err) {
throw err
}
https.createServer({ key: keys.clientKey, cert: keys.certificate }, (req, res)  => {
res.end('o hai!')
}).listen(443)
})

or using express npm i express at the command line at the root of the server):

const https = require('https')
const pem = require('pem')
const express = require('express')


pem.createCertificate({ days: 1, selfSigned: true }, (err, keys) => {
if (err) {
throw err
}
const app = express()


app.get('/', (req, res) => {
res.send('o hai!')
})


https.createServer({ key: keys.clientKey, cert: keys.certificate }, app).listen(443)
})

Just changed the var for const as appropiate, and functions for arrow functions


提交答案