Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
444 views
in Technique[技术] by (71.8m points)

javascript - 为node.js服务器获取公共SSL证书(getting public ssl certificate for node.js server)

I am running a node.js express server on my aws ac2 linux instance.(我在aws ac2 linux实例上运行node.js express服务器。)

I need to expose it through https to work properly with the react app that pulls data from it.(我需要通过https公开它,以便与从中提取数据的react应用正常工作。) I was able to generate my own ssl certificate but it will not be recognized by other users and the client app will through an error.(我能够生成自己的ssl证书,但其他用户将无法识别该证书,并且客户端应用程序将出现错误。)

Could you please explain how can i get a public ssl certificate just for the node server.(您能否解释一下如何仅为节点服务器获取公共ssl证书。)

The server uses an ip address like xxx.xx.xx.xx:4500/endpoint.(服务器使用的IP地址为xxx.xx.xx.xx:4500 / endpoint。) Aws seems to offer ssl but only if you pay for its load balancer and I do not want to do that.(AWS似乎提供ssl,但前提是您购买了负载均衡器,而我不想这样做。)

Is there a way to verify the certificate that i generated with openssl so i can use it publicly?(有没有一种方法可以验证我使用openssl生成的证书,以便可以公开使用?)

Here is my basic setup:(这是我的基本设置:)

const express = require('express');
const cors = require('cors');
const mysql = require('mysql');
const moment = require('moment');
var fs = require('fs');
const https = require('https')

const app = express();

xxx

https.createServer({key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert')}, app).listen(4500, () => {
    console.log('Listening...')
  })

Thank you in advance!(先感谢您!)

  ask by Nikita Voevodin translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

OpenSSL itself is a tool to create self-signed certificates.(OpenSSL本身是创建自签名证书的工具。)

Those certificates are never trusted by the browser.(这些证书永远不会被浏览器信任。)

Instead, you can use Let's Encrypt with this command:(相反,您可以通过以下命令使用“让我们加密”:)

apt install certbot

certbot certonly --standalone -d example.com

Let's Encrypt is a trusted entity, so their certificates are valid.(让我们加密是一个受信任的实体,因此它们的证书有效。)

Your new certificates will be on a path like this:(您的新证书将位于以下路径:)

/etc/letsencrypt/live/example.com

As others suggested, you will need one domain.(正如其他人所建议的,您将需要一个域。)

You can get one free on sites like Freenom .(您可以在Freenom等网站上免费获得一个。)

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...