Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
323 views
in Technique[技术] by (71.8m points)

javascript - Node.js/Express.js Chain Certificate Not working

I have an SSL server in Express, which is not working on all browsers (unless the user manually trusts the website) since some browsers require the chain certificate (we have our own intermediate certificate). I've put our intermediate and chain certificate in one .crt file. The chain + intermediate certificate is in the INT_CERT_FILE variable. It does not seem to work. I am using http://www.digicert.com/help, as well as running openssl s_client -connect tasker.adnxs.net:443 -showcerts | grep "^ " to check, but it does not seem to be returning the intermediate + chain certificate.

Here's how I'm setting it up:

var fs = require("fs");
var https = require("https");
var express = require("express");

var KEY_FILE = fs.readFileSync("path/to/key/file.key");
var CERT_FILE = fs.readFileSync("path/to/crt/file.crt");
var INT_CERT_FILE = fs.readFileSync("path/to/intermediate and chain crt.crt");

var _app_https = express();
var _server_https = null;

_server_https = https.createServer({
    key: KEY_FILE,
    cert: CERT_FILE,
    ca: INT_CERT_FILE
}, _app_https).listen(443);

When visiting it on Firefox, Firefox does not recognise its identity and requires it to be manually trusted. How can I fix this issue?

Thanks,

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Does your intermediate certificate file contains multiple certificate blocks?

If that's the case you should split them into different files and read them one by one. You can pass them as an array to the ca parameter.

I've got it working with the code below:

var https = require('https'),
    read = require('fs').readFileSync,
    httpsOptions = {
        key: read('ssl/mycertificate.key', 'utf8'),
        cert: read('ssl/mycertificate.crt', 'utf8'),
        ca: [
            read('ssl/rapidssl_1.pem', 'utf8'),
            read('ssl/rapidssl_2.pem', 'utf8')
        ]
    };

https.createServer(httpsOptions, function (req, res) {
    // ...
});

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...