HTTPS 客户端证书错误 ERR_SSL_SERVER_CERT_BAD_FORMAT
HTTPS Client certificate error ERR_SSL_SERVER_CERT_BAD_FORMAT
我正在尝试在节点中使用客户端 HTTPS 证书系统。
这是我生成 ssl 文件所做的工作:
# CA Key and Certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Server Key CSR and Certificate
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr
# Self Signing
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -aes256 -out client.key 4096
openssl req -new -key client.key -out client.csr
# Sign client certificate
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Pack client key and certificate to be used in browsers
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
# Remove password from server key
openssl rsa -in server.key -out server.key.nopwd && mv server.key.nopwd server.key
然后我在节点中使用以下代码(使用 express):
let server = https.createServer({
key : fs.readFileSync('./ssl/server.key'),
cert : fs.readFileSync('./ssl/server.crt'),
ca : fs.readFileSync('./ssl/ca.crt'),
requestCert : true,
rejectUnauthorized: false
}, app);
app是快递申请。然后我使用 listen 函数。
将 p12 文件添加到 Chrome 后,当我在我的网站上导航时出现错误:ERR_SSL_SERVER_CERT_BAD_FORMAT
谁能告诉我我错过了什么?
注意:当我尝试添加 p12 文件时,Chrome 中经常出现错误:Unknown Error。我不记得我是如何设法让它工作的 ERR_SSL_SERVER_CERT_BAD_FORMAT
事实上,序列号必须是唯一的。 cURL 不关心,浏览器关心。
您可以使用:
# CA Key and Certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Server Key CSR and Certificate
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr
# Self Signing
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -aes256 -out test.key 4096
openssl req -new -key test.key -out test.csr
# Sign client certificate
openssl x509 -req -days 365 -in test.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out test.crt
# Pack client key and certificate to be used in browsers
openssl pkcs12 -export -clcerts -in test.crt -inkey test.key -out test.p12
# Remove password from server key
openssl rsa -in server.key -out server.key.nopwd && mv server.key.nopwd server.key
我正在尝试在节点中使用客户端 HTTPS 证书系统。 这是我生成 ssl 文件所做的工作:
# CA Key and Certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Server Key CSR and Certificate
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr
# Self Signing
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -aes256 -out client.key 4096
openssl req -new -key client.key -out client.csr
# Sign client certificate
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Pack client key and certificate to be used in browsers
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
# Remove password from server key
openssl rsa -in server.key -out server.key.nopwd && mv server.key.nopwd server.key
然后我在节点中使用以下代码(使用 express):
let server = https.createServer({
key : fs.readFileSync('./ssl/server.key'),
cert : fs.readFileSync('./ssl/server.crt'),
ca : fs.readFileSync('./ssl/ca.crt'),
requestCert : true,
rejectUnauthorized: false
}, app);
app是快递申请。然后我使用 listen 函数。
将 p12 文件添加到 Chrome 后,当我在我的网站上导航时出现错误:ERR_SSL_SERVER_CERT_BAD_FORMAT
谁能告诉我我错过了什么?
注意:当我尝试添加 p12 文件时,Chrome 中经常出现错误:Unknown Error。我不记得我是如何设法让它工作的 ERR_SSL_SERVER_CERT_BAD_FORMAT
事实上,序列号必须是唯一的。 cURL 不关心,浏览器关心。 您可以使用:
# CA Key and Certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Server Key CSR and Certificate
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr
# Self Signing
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -aes256 -out test.key 4096
openssl req -new -key test.key -out test.csr
# Sign client certificate
openssl x509 -req -days 365 -in test.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out test.crt
# Pack client key and certificate to be used in browsers
openssl pkcs12 -export -clcerts -in test.crt -inkey test.key -out test.p12
# Remove password from server key
openssl rsa -in server.key -out server.key.nopwd && mv server.key.nopwd server.key