Module Overview
The importance of this module is basically not emphasized. Today, when network security issues are becoming increasingly serious, it is inevitable that websites can adopt HTTPS.
In nodejs, the https module is provided to complete HTTPS-related functions. Judging from the official documentation, the usage is very similar to the http module.
This article mainly contains two parts:
- Through client and server examples, an introductory explanation of the https module is provided.
- How to access a website with untrusted security certificates. (Taking 12306 as an example)
Due to space limitations, this article cannot explain the HTTPS protocol and related technical systems too much. If you have any questions, please leave a message to communicate.
Client Example
It is very similar to the usage of the http module, except that the requested address is based on the https protocol, the code is as follows:
var https = require('https');
('', function(res){
('status code: ' + );
('headers: ' + );
('data', function(data){
(data);
});
}).on('error', function(err){
(err);
});
Server side example
To provide HTTPS services to the outside world, you need an HTTPS certificate. If you already have an HTTPS certificate, you can skip the certificate generation process. If not, please refer to the following steps
Generate a certificate
1. Create a directory to store the certificate.
mkdir cert cd cert
2. Generate a private key.
openssl genrsa -out 2048
3. Generate a certificate signing request (csr means Certificate Signing Request).
openssl req -new \ -sha256 -key \ -out \ -subj "/C=CN/ST=Guandong/L=Shenzhen/O=YH Inc/CN="
4. Generate a certificate.
openssl x509 \ -req -in \ -signkey \ -out
HTTPS server
The code is as follows:
var https = require('https');
var fs = require('fs');
var options = {
key: ('./cert/'), // Private key cert: ('./cert/') // Certificate};
var server = (options, function(req, res){
('This is a return from the HTTPS server');
});
(3000);
Since I don't have this domain name, I first configure the local host
127.0.0.1
Start the service and access :3000 in the browser. Note that the browser will prompt you that the certificate is unreliable, just click Trust and continue to access.
Advanced example: Accessing websites with untrusted security certificates
Here is our favorite 12306 as an example. When we access the ticket purchase page of 12306 through the browser https://kyfw./otn/regist/init, chrome will prevent us from accessing, because the 12306 certificate is issued by itself, and Chrome cannot confirm its security.
For this case, the following methods can be handled:
- Stop visiting: The fellow villagers who were anxious to grab tickets and go home for the New Year said they could not accept it.
- Ignore the security warning and continue to access: In most cases, the browser will release it, but the security prompt is still there.
- Import the CA root certificate of 12306: The browser obeys and believes that access is safe. (In fact, there are still security tips, because the security level of the signature algorithm used by 12306 is not enough)
Example: Triggering security restrictions
Similarly, if you initiate a request through the node https client, you will also encounter the same problem. Let's do the experiment, the code is as follows:
var https = require('https');
('https://kyfw./otn/regist/init', function(res){
('data', function(data){
(data);
});
}).on('error', function(err){
(err);
});
Run the above code and get the following error message, which means that the security certificate is unreliable and continue access is denied.
{ Error: self signed certificate in certificate chain
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1055:38)
at emitNone (:86:13)
at (:185:7)
at TLSSocket._finishInit (_tls_wrap.js:580:8)
at (_tls_wrap.js:412:38) code: 'SELF_SIGNED_CERT_IN_CHAIN' }
ps: I personally think the error message here is a bit misleading. The certificate of the 12306 website is not self-signed, but the CA that signs the certificate is 12306's own and is not in the trusted list. A self-signed certificate is different from a certificate signed by your own CA.
Similar to accessing in a browser, we can take the following processing:
- Not recommended: ignore security warnings and continue access;
- Suggestions: Add 12306 CA to the trusted list;
Method 1: Ignore the security warning and continue accessing
It's very simple. Just set rejectUnauthorized to false. Run the code again and you can happily return to the page.
// Example: Ignore security warningsvar https = require('https');
var fs = require('fs');
var options = {
hostname: 'kyfw.',
path: '/otn/leftTicket/init',
rejectUnauthorized: false // Ignore security warnings};
var req = (options, function(res){
();
});
('error', function(err){
();
});
Method 2: Add 12306 CA to the trusted list
Here are 3 steps:
- Download 12306 CA certificate
- Convert CA certificate in der format to pem format
- Modify node https configuration
1. Download 12306 CA certificate
On the official website of 12306, CA certificates are providedDownload address, save it locally, named .
2. Convert CA certificate in der format to pem format
When initializing the client https, the configuration item ca is provided, which can add the CA certificate of 12306. When you visit the 12306 website, the client will use the ca certificate in the ca configuration item to verify the current certificate, and then the verification is passed.
It should be noted that the ca configuration item only supports pem format, while the downloaded from the 12306 official website is in the der format. You need to convert the following format to use. For the difference between pem and der, please refer to here.
openssl x509 -in -inform der -outform pem -out
3. Modify the node https configuration
The modified code is as follows, and now you can enjoy accessing 12306.
// Example: Add 12306 CA certificate to our trust listvar https = require('https');
var fs = require('fs');
var ca = ('./');
var options = {
hostname: 'kyfw.',
path: '/otn/leftTicket/init',
ca: [ ca ]
};
var req = (options, function(res){
();
});
('error', function(err){
();
});
The above is all the content of this article. I hope it will be helpful to everyone's study and I hope everyone will support me more.