1.產生證書
生成一個文件名字:v3.ext
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names extendedKeyUsage = serverAuth [alt_names] DNS.1 = domain.com # IP address IP.1 = 192.168.2.221 IP.2 = 127.0.0.1
#生成私鑰key文件 openssl genrsa 1024 > /path/to/private.pem #通過私鑰文件生成CSR證書簽名 openssl req -new -key /path/to/private.pem -out csr.pem #通過私鑰文件和CSR證書簽名生成證書文件 openssl x509 -req -days 365 -in csr.pem -signkey private.pem -out file.crt -sha256 -extfile v3.ext
2.創建一個項目
項目初始化
npm init
安裝Express
npm install express
創建一個main.js
var app = require('express')();
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync('./private.pem');
var certificate = fs.readFileSync('./file.crt');
var credentials = {key: privateKey, cert: certificate};
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
var PORT = 18080;
var SSLPORT = 18081;
httpServer.listen(PORT, function() {
console.log('HTTP Server is running on: http://localhost:%s', PORT);
});
httpsServer.listen(SSLPORT, function() {
console.log('HTTPS Server is running on: https://localhost:%s', SSLPORT);
});
// Welcome
app.get('/', function(req, res) {
if(req.protocol === 'https') {
res.status(200).send('Welcome to Safety Land!');
}
else {
res.status(200).send('Welcome!');
}
});
啟動
npm start
測試
https://127.0.0.1:18081/
3.設置代理訪問網站
Chrome設置代理
訪問https://www.baidu.com
參考:
https://stackoverflow.com/questions/43929436/subject-alternative-name-missing-err-ssl-version-or-cipher-mismatch
http://www.it1352.com/817497.html