使用自签名证书时如何响应OCSPRequest?
How to respond to OCSPRequest when using a self signed certificate?
我正在尝试使用自签名证书创建一个 https 服务器,但它似乎失败了,因为它需要对 OCSPRequest 回调的响应,我不知道它应该包含什么。文档 (https://nodejs.org/api/tls.html#tls_event_ocsprequest) 对我来说一点帮助都没有,尤其是这一部分:
- Server extracts the OCSP URL from either the certificate or issuer and performs an OCSP request to the CA.
如何提取 OCSP URL?我什至需要这样做吗? What/who 是 CA?证书颁发机构?不知道,我想在这种情况下就是我,因为我自己创建了证书,对吗?我该如何进行?
const fs = require("fs");
const httpsServer = require("https").createServer({
key: fs.readFileSync("./key.pem"),
cert: fs.readFileSync("./cert.pem"),
});
const server = httpsServer.listen(9777);
server.on('OCSPRequest', (certificate, issuer, callback) => {
let response = 'What goes in here?';
callback(null, response);
});
我找到的所有例子都没有提到它,例如:https://nodejs.org/en/knowledge/HTTP/servers/how-to-create-a-HTTPS-server/
无法撤销自签名证书,因为证书的颁发者就是证书本身。不可能撤销意味着没有 OCSP 响应。因此,基于您链接到的文档的预期行为是:
Alternatively, callback(null, null) may be called, indicating that there was no OCSP response.
我正在尝试使用自签名证书创建一个 https 服务器,但它似乎失败了,因为它需要对 OCSPRequest 回调的响应,我不知道它应该包含什么。文档 (https://nodejs.org/api/tls.html#tls_event_ocsprequest) 对我来说一点帮助都没有,尤其是这一部分:
- Server extracts the OCSP URL from either the certificate or issuer and performs an OCSP request to the CA.
如何提取 OCSP URL?我什至需要这样做吗? What/who 是 CA?证书颁发机构?不知道,我想在这种情况下就是我,因为我自己创建了证书,对吗?我该如何进行?
const fs = require("fs");
const httpsServer = require("https").createServer({
key: fs.readFileSync("./key.pem"),
cert: fs.readFileSync("./cert.pem"),
});
const server = httpsServer.listen(9777);
server.on('OCSPRequest', (certificate, issuer, callback) => {
let response = 'What goes in here?';
callback(null, response);
});
我找到的所有例子都没有提到它,例如:https://nodejs.org/en/knowledge/HTTP/servers/how-to-create-a-HTTPS-server/
无法撤销自签名证书,因为证书的颁发者就是证书本身。不可能撤销意味着没有 OCSP 响应。因此,基于您链接到的文档的预期行为是:
Alternatively, callback(null, null) may be called, indicating that there was no OCSP response.