search

Home  >  Q&A  >  body text

node.js - node openssl起https服务 浏览器显示非安全连接 (windows环境)

我按照

openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
生成自签名根证书
openssl genrsa -out server.key 2048
openssl rsa -in server.key -pubout -out server.pem
openssl req -new -key server.key -out server.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
生成服务器证书

// app.js:
var options = {
    key: fs.readFileSync(’./keys/server.key’),
    cert: fs.readFileSync(’./keys/server.crt’)
};
https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end(‘hello world!’);
}).listen(443);

浏览器访问 https://localhost:443,显示:


然后我安装ca.crt,至 ‘受信任的根证书发布机构’目录(windows),再次访问仍然显示这个问题
观察了一下fiddler抓去https的方法,fiddler也是安装它自签名的证书 Do_Not_Trust_FiddlerRoot至’受信任的根证书发布机构’, 且开启fiddler抓包时,并不会报这个错误
这是什么原因呢?

PHP中文网PHP中文网2767 days ago696

reply all(2)I'll reply

  • 天蓬老师

    天蓬老师2017-04-17 14:55:20

    The signature you generate must be like this. Only signatures issued by regular SSL certificate authorities will be recognized by browsers as security certificates.
    You can apply for a free certificate from a first-level certificate issuing agency such as WoSign. After configuring the signature, a green lock will be displayed in front of the browser address bar

    reply
    0
  • PHP中文网

    PHP中文网2017-04-17 14:55:20

    All browsers will block access to self-signed SSL certificates. It is recommended to apply for a trusted SSL certificate from a CA. There are many free SSLs in the market, such as WoSign free SSL, startssl, letsencrypt, etc.

    reply
    0
  • Cancelreply