nodejs创建TLS服务
by 伍雪颖
server.js
var tls = require('tls'); var fs = require('fs'); var options = { key: fs.readFileSync('./keys/server.key'), cert: fs.readFileSync('./keys/server.crt'), requestCert: true, ca: [ fs.readFileSync('./keys/ca.crt')] }; var server = tls.createServer(options,function(stream) { console.log('server connected',stream.authorized?'authorized':'unauthorized'); stream.write("welcome!\n"); stream.setEncoding('utf8'); stream.pipe(stream); }); server.listen(8000,function() { console.log('server bound'); });
client.js
var tls = require('tls'); var fs = require('fs'); var options = { key: fs.readFileSync('./keys/client.key'), cert: fs.readFileSync('./keys/client.crt'), ca: [ fs.readFileSync('./keys/ca.crt')] }; var stream = tls.connect(8000,options,function() { console.log('client connected',stream.authorized?'authorized':'unauthorized'); process.stdin.pipe(stream); }); stream.setEncoding('utf8'); stream.on('data',function(data) { console.log(data); }); stream.on('end',function() { server.close(); });
证书生成:
server.key,client.key
openssl genrsa -out server.key 1024
openssl genrsa -out client.key 1024
ca.crt
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
server.crt
openssl req -new -key server.key -out server.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
client.crt
openssl req -new -key client.key -out client.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt
时间: 2024-12-30 00:04:58