nodejs创建TLS服务
by 伍雪颖
server.js
var tls = require('tls');
var fs = require('fs');
var options = {
key: fs.readFileSync('./keys/server.key'),
cert: fs.readFileSync('./keys/server.crt'),
requestCert: true,
ca: [ fs.readFileSync('./keys/ca.crt')]
};
var server = tls.createServer(options,function(stream) {
console.log('server connected',stream.authorized?'authorized':'unauthorized');
stream.write("welcome!
");
stream.setEncoding('utf8');
stream.pipe(stream);
});
server.listen(8000,function() {
console.log('server bound');
});
client.js
var tls = require('tls');
var fs = require('fs');
var options = {
key: fs.readFileSync('./keys/client.key'),
cert: fs.readFileSync('./keys/client.crt'),
ca: [ fs.readFileSync('./keys/ca.crt')]
};
var stream = tls.connect(8000,options,function() {
console.log('client connected',stream.authorized?'authorized':'unauthorized');
process.stdin.pipe(stream);
});
stream.setEncoding('utf8');
stream.on('data',function(data) {
console.log(data);
});
stream.on('end',function() {
server.close();
});
证书生成:
server.key,client.key
openssl genrsa -out server.key 1024
openssl genrsa -out client.key 1024
ca.crt
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
server.crt
openssl req -new -key server.key -out server.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
client.crt
openssl req -new -key client.key -out client.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt