
自己署名証明書でセキュア(HTTPS)な Node.js Express アプリを作成・実行するとセグメンテーションフォールトが発生する

このガイド <a href="https://github.com/Daplie/node-ssl-root-cas/wiki/Painless-Self-Signed-Certificates-in-node.js" rel="nofollow noreferrer">https://github.com/Daplie/node-ssl-root-cas/wiki/Painless-Self-Signed-Certificates-in-node.js</a> に従ってルート CA を作成し、次のスクリプトで証明書に署名しました:

make-certs.sh

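#!/bin/bash
# Build a throwaway private PKI under ./certs: a self-signed root CA plus one
# server ("device") key and a certificate for it signed by that root.
#
# Optional environment:
#   SAN   subjectAltName value for the server certificate.
#         Defaults to DNS:<hostname>. Use an IP: entry when clients connect
#         by address (constructed example: SAN=IP:192.0.2.10).
#
# Both private keys are written unencrypted. Anyone who obtains
# certs/ca/my-root-ca.key.pem can issue certificates that every client
# trusting this root will accept, so keep that file off shared hosts and out
# of version control.

# Stop at the first failing command instead of signing with missing inputs.
set -euo pipefail

# Everything created below is readable by the invoking user only.
umask 077

FQDN=$(hostname)
SAN="${SAN:-DNS:${FQDN}}"

# make directories to work from
# WARNING: wipes any existing ./certs relative to the current directory.
rm -rf -- certs
mkdir -p certs/{server,client,ca,tmp}

# Create your very own Root Certificate Authority
openssl genrsa \
    -out certs/ca/my-root-ca.key.pem \
    2048

# Self-sign your Root Certificate Authority
# Since this is private, the details can be as bogus as you like
openssl req \
    -x509 \
    -new \
    -nodes \
    -sha256 \
    -key certs/ca/my-root-ca.key.pem \
    -days 1024 \
    -out certs/ca/my-root-ca.crt.pem \
    -subj "/C=US/ST=Utah/L=Provo/O=${FQDN}/CN=${FQDN}"

# Create a Device Certificate for each domain,
# such as example.com, *.example.com, awesome.example.com
# NOTE: the name or IP address clients connect to must appear in the
# certificate. Current browsers match it against subjectAltName and ignore
# CN, so CN is kept only for older clients.
openssl genrsa \
    -out certs/server/privkey.pem \
    2048

# Create a request from your Device, which your Root CA will sign
openssl req -new \
    -sha256 \
    -key certs/server/privkey.pem \
    -out certs/tmp/csr.pem \
    -subj "/C=US/ST=Utah/L=Provo/O=${FQDN}/CN=${FQDN}"

# Sign the request from Device with your Root CA
# -CAserial certs/ca/my-root-ca.srl
# `x509 -req` does not copy extensions from the CSR, so the SAN is supplied
# here through an extension file read from a process substitution.
openssl x509 \
    -req -in certs/tmp/csr.pem \
    -sha256 \
    -CA certs/ca/my-root-ca.crt.pem \
    -CAkey certs/ca/my-root-ca.key.pem \
    -CAcreateserial \
    -extfile <(printf 'subjectAltName=%s\n' "${SAN}") \
    -out certs/server/cert.pem \
    -days 500

# Create a public key, for funzies
# see https://gist.github.com/coolaj86/f6f36efce2821dfb046d
openssl rsa \
    -in certs/server/privkey.pem \
    -pubout -out certs/client/pubkey.pem

# Put things in their proper place
cp -p certs/ca/my-root-ca.crt.pem certs/server/chain.pem
cp -p certs/ca/my-root-ca.crt.pem certs/client/chain.pem
cat certs/server/cert.pem certs/server/chain.pem > certs/server/fullchain.pem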

次に、package.json を次のように設定しました:

{ 
    "name": "api-server", 
    "version": "1.0.0", 
    "description": "API Server", 
    "main": "api-server.js", 
    "dependencies": { 
    "body-parser": "^1.15.2", 
    "express": "^4.14.0" 
    } 
} 

npm install を実行してから、次のように api-server.js を作成しました:

// Load libraries
const https = require('https');
const fs = require('fs');
const express = require('express');
const bodyParser = require('body-parser');

const app = express();

// Server setting: PORT from the environment, otherwise 8080
const port = process.env.PORT || 8080;

// Register body-parser (JSON and URL-encoded request bodies)
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Configure router: everything on it is served under /api/v1
const router = express.Router();
app.use('/api/v1', router);

// Register routes
router.get('/', function(req, res) {
    res.json({ success: true });
});

// TLS settings for the HTTPS listener.
// NOTE(review): requestCert asks every client for a certificate, but
// rejectUnauthorized: false lets the handshake complete whether or not one is
// presented or verifies, and no `ca` is configured for the private root.
// As written this is not client authentication; a route that needs it would
// have to check req.socket.authorized itself.
const tlsOptions = {
    key: fs.readFileSync('./certs/server/privkey.pem'),
    cert: fs.readFileSync('./certs/server/fullchain.pem'),
    requestCert: true,
    rejectUnauthorized: false
};

// Create & run https api server
const secureServer = https.createServer(tlsOptions, app);
secureServer.listen(port, function() {
    console.log('API Server Started On Port %d', port);
});

最後に、node api-server.js でアプリを起動し、Chrome で https://<my-ip>:8080/ にアクセスしました。

すると、次のエラーが表示されました:

This site can’t be reached 
192.168.0.21 refused to connect. 

サーバーのコンソールログを確認すると、次のように出力されていました:

enter image description here

どこが間違っているのか、何か心当たりはありますか?


あなたのIPの代わりにlocalhostを試しましたか? – Raghavendra


これをCentOS 7 VirtualBox VMで実験しています。 'firewalld'と' SELinux'は既にオフになっています。 – Latheesan


この IP で、VM の外から他のサイトにアクセスできますか?問題のサイトがこの IP ではなく localhost で動いている可能性があります – Raghavendra

答えて


私はこれを解決する方法を見つけました。

make-certs.sh

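#!/bin/bash
# Generate a self-signed server key and certificate (no separate root CA).
#
# Outputs, in the current directory:
#   server.key   RSA 2048 private key, unencrypted (-nodes)
#   server.crt   certificate signed with that same key, valid 1024 days
#
# Optional environment:
#   SAN   subjectAltName value. Defaults to DNS:<hostname>. Use an IP: entry
#         when clients connect by address (constructed example:
#         SAN=IP:192.0.2.10).
#
# A self-signed certificate is trusted only by clients that were given
# server.crt explicitly. Prefer importing it on the client over turning off
# certificate verification there.

# Stop at the first failing command.
set -euo pipefail

# Keep the private key readable by the invoking user only.
umask 077

FQDN=$(hostname)
SAN="${SAN:-DNS:${FQDN}}"

# -f: a first run has nothing to delete, which is not an error.
rm -f server.key server.crt server.csr

# -newkey creates the key and the CSR in one step. The original ran genrsa
# first and then overwrote that key here, so the extra call is dropped.
openssl req -nodes -newkey rsa:2048 -sha256 \
    -keyout server.key \
    -out server.csr \
    -subj "/C=GB/ST=Street/L=City/O=Organisation/OU=Authority/CN=${FQDN}"

# Self-sign the request. Current browsers match the host against
# subjectAltName and ignore CN, so the SAN is added through an extension file.
openssl x509 -req -sha256 -days 1024 \
    -in server.csr \
    -signkey server.key \
    -extfile <(printf 'subjectAltName=%s\n' "${SAN}") \
    -out server.crt

rm -f server.csr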

api-server.js

// Import libraries
const https = require('https');
const fs = require('fs');
const express = require('express');
const bodyParser = require('body-parser');

const server = express();

// Server setting: PORT from the environment, otherwise 8080
const port = process.env.PORT || 8080;

// Register body-parser (JSON and URL-encoded request bodies)
server.use(bodyParser.json());
server.use(bodyParser.urlencoded({ extended: true }));

// Configure router: everything on it is served under /api/v1
const router = express.Router();
server.use('/api/v1', router);

// Register routes
router.get('/', function(req, res) {
    res.json({ success: true });
});

// TLS material for the listener: server.key / server.crt, read from the
// working directory. No client certificate is requested here.
// NOTE(review): if server.crt is self-signed, clients must be given it as a
// trust anchor; they should not switch certificate verification off instead.
const tlsOptions = {
    key: fs.readFileSync('server.key'),
    cert: fs.readFileSync('server.crt')
};

// Create https server & run
https.createServer(tlsOptions, server).listen(port, function() {
    console.log('API Server Started On Port %d', port);
});

これが機能するようになりました。


ルートCA証明書を使用しないようにしましたか? – Dandalf
