Running node-red-start after trying to create HTTPS "Error 140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small"

Hi everyone, I have been setting up remote access to node-red on my Raspberry Pi. I modified settings.js and installed node-red-admin, but when I start node-red I get the following error:

Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
at Object.createSecureContext (_tls_common.js:131:17)
at Server.setSecureContext (_tls_wrap.js:1152:27)
at Server (_tls_wrap.js:1030:8)
at new Server (https.js:65:14)
at Object.createServer (https.js:89:10)
at Object.<anonymous> (/usr/lib/node_modules/node-red/red.js:141:20)
at Module._compile (internal/modules/cjs/loader.js:945:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:962:10)
at Module.load (internal/modules/cjs/loader.js:798:32)
at Function.Module._load (internal/modules/cjs/loader.js:711:12) {
library: 'SSL routines',
  function: 'SSL_CTX_use_certificate',
  reason: 'ee key too small',
  code: 'ERR_SSL_EE_KEY_TOO_SMALL'
}
nodered.service: Main process exited, code=exited, status=1/FAILURE
nodered.service: Failed with result 'exit-code'.
nodered.service: Service RestartSec=100ms expired, scheduling restart.
nodered.service: Scheduled restart job, restart counter is at 1.
Stopped Node-RED graphical event wiring tool.
Started Node-RED graphical event wiring tool.
_tls_common.js:131
  c.context.setCert(cert);

This happened after I successfully created privatekey.pem and certificate.pem. To create these files, I used:

openssl genrsa -out privatekey.pem 1024

Then I used

openssl req -new -key privatekey.pem -out private-csr.pem

After that I entered the relevant information and then received confirmation that "signature is ok" with

openssl x509 -req -days 365 -in private-csr.pem -signkey privatekey.pem -out certificate.pem

Since the above produced the privatekey.pem and certificate.pem files, as shown by ls -la, I moved on to uncommenting the following:

// The `https` setting requires the `fs` module. Uncomment the following
// to make it available:
var fs = require("fs");
module.exports = {
// the tcp port that the Node-RED web server is listening on
uiPort: process.env.PORT || 1880,

and also

adminAuth: {
type: "credentials",
users: [
    {
username: "admin",
password: "aMiva2AQEFlXQ3S7emXlIuLkLzNzi9yzgqxGYMY5dzK4FzNQa7dCu",
permissions: "*" 
    }
]
},

With the fs module loaded:

https: {
key: fs.readFileSync('/home/pi/.node-red/privatekey.pem'),
cert: fs.readFileSync('/home/pi/.node-red/certificate.pem')
},

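After completing this configuration, I get the error message described at the beginning.

UPDATE: I did delete the contents of .node-red/settings.js and replaced them with https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js and node-red started! Woohoo! However, when trying to reconfigure the settings.js file again, it runs into the same error.

FYI, I am being careful about uncommenting lines, but could the problem lie in the hashed password I receive from node-red-admin? Because when I try to install node-red-admin using "npm install -g node-red-admin" after logging in as root via "su", it comes up with the following: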

pi@padrejuan:~ $ su
Password: 
root@padrejuan:/home/pi# npm install -g node-red-admin
/usr/local/bin/node-red-admin -> /usr/local/lib/node_modules/node-red-admin/node-red-admin.js

> bcrypt@3.0.6 install /usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt
> node-pre-gyp install --fallback-to-build

node-pre-gyp WARN Using request for node-pre-gyp https download
node-pre-gyp WARN Pre-built binaries not installable for bcrypt@3.0.6 and node@12.11.1 (node-v72 ABI, glibc) (falling back to source compile with node-gyp)
node-pre-gyp WARN Hit error EACCES: permission denied, mkdir '/usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt/lib'
gyp WARN EACCES user "nobody" does not have permission to access the dev dir "/root/.cache/node-gyp/12.11.1"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt/.node-gyp"
gyp WARN install got an error, rolling back install
gyp WARN install got an error, rolling back install
gyp ERR! configure error

and so on.

Any help would be greatly appreciated.

The problem is that recent versions of openssl now consider keys with a bit length of 1024 to be insecure.

Regenerate the private key with a size of 2048, then recreate the certificate.

openssl genrsa -out privatekey.pem 2048

https://github.com/debauchee/barrier/issues/126#issuecomment-505933083

It is just a matter of editing file /etc/ssl/openssl.cnf changing last line
from:
CipherString = DEFAULT@SECLEVEL=2
to
CipherString = DEFAULT@SECLEVEL=1
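
A preflight check for the situation both answers above address, as an added example that is not part of the original posts: it reads a PEM key or certificate and reports whether its key meets the minimum size for a given OpenSSL security level, so a 1024-bit RSA key is shown passing at level 1 and failing at level 2. The names checkKeyStrength and sampleRsaPem and the generated keys are constructed for illustration; the thresholds are the ones documented for OpenSSL security levels, and only RSA and a few named EC curves are evaluated.

```javascript
// Added example; the keys below are constructed, not the asker's files.
const crypto = require('crypto');

// Minimum key sizes per OpenSSL security level (SSL_CTX_set_security_level docs).
const MIN_BITS = {
  1: { rsa: 1024, ec: 160 },
  2: { rsa: 2048, ec: 224 },
  3: { rsa: 3072, ec: 256 },
};
// Field sizes for a few common named curves (others are reported as unevaluated).
const CURVE_BITS = { prime256v1: 256, secp256k1: 256, secp384r1: 384, secp521r1: 521 };

// Accepts a PEM private key, public key or certificate and reports whether
// its key meets the minimum for the given security level (default 2).
function checkKeyStrength(pem, level = 2) {
  const key = pem.includes('BEGIN CERTIFICATE')
    ? new crypto.X509Certificate(pem).publicKey
    : crypto.createPublicKey(pem); // also derives the public key from a private key
  const type = key.asymmetricKeyType;
  const details = key.asymmetricKeyDetails || {};
  let bits;
  if (type === 'rsa') bits = details.modulusLength;
  else if (type === 'ec') bits = CURVE_BITS[details.namedCurve];
  if (bits === undefined) return { type, bits: null, level, ok: null };
  const min = MIN_BITS[level][type];
  return { type, bits, level, min, ok: bits >= min };
}

// Constructed sample key: a freshly generated RSA private key in PEM form.
function sampleRsaPem(bits) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  }).privateKey;
}

// Compare a 1024-bit and a 2048-bit key at security levels 1 and 2.
for (const bits of [1024, 2048]) {
  const pem = sampleRsaPem(bits);
  for (const level of [1, 2]) console.log(checkKeyStrength(pem, level));
}
```

To check real files, pass the contents of certificate.pem or privatekey.pem (read with fs.readFileSync(path, 'utf8')) to checkKeyStrength before starting Node-RED.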