Node.js/Express.js chain certificate not working

I have an SSL server in Express, which is not working on all browsers (unless the user manually trusts the website) since some browsers require the chain certificate (we have our own intermediate certificate). I've put our intermediate and chain certificate in one .crt file. The chain + intermediate certificate is in the INT_CERT_FILE variable. It does not seem to work. I am using http://www.digicert.com/help, as well as running openssl s_client -connect tasker.adnxs.net:443 -showcerts | grep "^ " to check, but it does not seem to be returning the intermediate + chain certificate.

This is how I set it up:

var fs = require("fs");
var https = require("https");
var express = require("express");

var KEY_FILE = fs.readFileSync("path/to/key/file.key");
var CERT_FILE = fs.readFileSync("path/to/crt/file.crt");
var INT_CERT_FILE = fs.readFileSync("path/to/intermediate and chain crt.crt");

var _app_https = express();
var _server_https = null;

_server_https = https.createServer({
    key: KEY_FILE,
    cert: CERT_FILE,
    ca: INT_CERT_FILE
}, _app_https).listen(443);

When visiting it on Firefox, Firefox does not recognise its identity and requires it to be manually trusted. How can I fix this issue?

Thanks,

Recommended answer

Does your intermediate certificate file contain multiple certificate blocks?

If that's the case you should split them into different files and read them one by one. You can pass them as an array to the ca parameter.

I've got it working with the code below:

var https = require('https'),
    read = require('fs').readFileSync,
    httpsOptions = {
        key: read('ssl/mycertificate.key', 'utf8'),
        cert: read('ssl/mycertificate.crt', 'utf8'),
        ca: [
            read('ssl/rapidssl_1.pem', 'utf8'),
            read('ssl/rapidssl_2.pem', 'utf8')
        ]
    };

https.createServer(httpsOptions, function (req, res) {
    // ...
});
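
The splitting step described in the answer, as an added example that is not part of the original post: it breaks a multi-certificate PEM bundle into one string per certificate block and builds the `ca` array from them, rejecting malformed bundles. The function names, placeholder key/cert strings and the sample bundle are constructed for illustration.

```javascript
// Split a PEM bundle into one string per CERTIFICATE block (hypothetical helper).
function splitPemBundle(bundleText) {
    var lines = String(bundleText).replace(/\r\n/g, '\n').split('\n');
    var blocks = [];
    var current = null;
    lines.forEach(function (raw) {
        var line = raw.trim();
        if (line === '-----BEGIN CERTIFICATE-----') {
            if (current) throw new Error('nested BEGIN CERTIFICATE line');
            current = [line];
        } else if (line === '-----END CERTIFICATE-----') {
            if (!current) throw new Error('END CERTIFICATE without BEGIN');
            if (current.length === 1) throw new Error('empty certificate block');
            current.push(line);
            blocks.push(current.join('\n') + '\n');
            current = null;
        } else if (current && line !== '') {
            if (!/^[A-Za-z0-9+\/=]+$/.test(line)) throw new Error('non-base64 line in block');
            current.push(line);
        }
        // Text outside blocks (comments, "subject=" lines) is ignored.
    });
    if (current) throw new Error('unterminated certificate block');
    return blocks;
}

// Build the options object in the shape used in the answer above.
function buildHttpsOptions(keyPem, certPem, bundlePem) {
    var ca = splitPemBundle(bundlePem);
    if (ca.length === 0) throw new Error('bundle contains no certificates');
    return { key: keyPem, cert: certPem, ca: ca };
}

// Constructed sample bundle: two placeholder blocks, not real certificates.
var SAMPLE_BUNDLE = [
    '-----BEGIN CERTIFICATE-----',
    'QUFBQQ==',
    '-----END CERTIFICATE-----',
    '# intermediate 2',
    '-----BEGIN CERTIFICATE-----',
    'QkJCQg==',
    '-----END CERTIFICATE-----',
    ''
].join('\r\n');

var sampleOptions = buildHttpsOptions('KEY-PLACEHOLDER', 'CERT-PLACEHOLDER', SAMPLE_BUNDLE);
// With real files: https.createServer(buildHttpsOptions(key, cert, bundle), app).listen(443);
```

After deploying, rerun the `openssl s_client -connect ... -showcerts` check from the question to confirm that the server now sends the intermediate certificates.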
