mac制作ssl证书|生成自签名证书,nodejs+express在mac上搭建https+wss(websocket)服务器
注意
mac 自带 openssl 所以没必要像 windows 一样先安装 openssl,直接生成即可
生成 ssl/自签名 证书
生成 key
# 生成rsa私钥,des3算法,server_ssl.key是秘钥文件名 1024位强度
openssl genrsa -des3 -out server_ssl.key 1024
让输入两次密码,随便,但是两次得是一样的
移除密码
# 这里执行完上一步的密码即已经被移除了
openssl rsa -in server_ssl.key -out server_ssl.key
生成 csr
# -new 执行生成新的证书请求
# -key 指定密钥
openssl req -new -key server_ssl.key -out server_ssl.csr
Country Name (2 letter code) [国家]:CN State or Province Name (full name) [省份]:Beijing Locality Name (eg, city) [城市]:Beijing Organization Name (eg, company) [组织/公司]:zgp Organizational Unit Name (eg, section) [部门/单位]:zgp Common Name (eg, fully qualified host name) [域名]:test.zgp.cn Email Address [邮箱]:demo@outlook.com Please enter the following ‘extra’ attributes to be sent with your certificate request A challenge password [上一步已经移除,直接回车即可]:
生成证书
# x509 根据现有的证书请求生成自签名根证书
# -days 设置证书的有效天数
# -in 指定输入证书请求文件
openssl x509 -req -days 365 -in server_ssl.csr -signkey server_ssl.key -out server_ssl.crt
执行过程截图
创建 nodejs 的 https/wss 服务
创建 express 项目就不多说了,自行查看:nodejs+express自动生成项目 express 文档地址https://www.expressjs.com.cn/starter/generator.html
修改的 bin/www 文件
#!/usr/bin/env node
/
* Module dependencies.
*/
var app = require('../app');
var debug = require('debug')('express-io:server');
const fs = require('fs');
const path = require('path');
// var http = require('http');
var https = require('https');
// 引入 socket.io
const { Server } = require('socket.io')
/
* Get port from environment and store in Express.
*/
var port = normalizePort(process.env.PORT || '3001');
app.set('port', port);
/
* Create HTTPS server.
* 加上 ssl 证书
*/
const httpsOption = {
key: fs.readFileSync(path.resolve(__dirname, "../certificate/server_ssl.key")),
cert: fs.readFileSync(path.resolve(__dirname, "../certificate/server_ssl.crt"))
}
var server = https.createServer(httpsOption, app);
// 创建 websocket 服务器代码
const io = new Server(server, {
cors: {
origin: "*"
}
});
// 客户端连接成功会输出连接 id 以及 客户端传惨 query
io.on('connection', (socket)=>{
console.log(socket.id)
console.log(socket.handshake.query)
})
/
* Listen on provided port, on all network interfaces.
*/
server.listen(port, () => {
console.log(`server listening on port: ${port}`)
});
server.on('error', onError);
server.on('listening', onListening);
/
* Normalize a port into a number, string, or false.
*/
function normalizePort(val) {
var port = parseInt(val, 10);
if (isNaN(port)) {
// named pipe
return val;
}
if (port >= 0) {
// port number
return port;
}
return false;
}
/
* Event listener for HTTP server "error" event.
*/
function onError(error) {
if (error.syscall !== 'listen') {
throw error;
}
var bind = typeof port === 'string'
? 'Pipe ' + port
: 'Port ' + port;
// handle specific listen errors with friendly messages
switch (error.code) {
case 'EACCES':
console.error(bind + ' requires elevated privileges');
process.exit(1);
break;
case 'EADDRINUSE':
console.error(bind + ' is already in use');
process.exit(1);
break;
default:
throw error;
}
}
/
* Event listener for HTTP server "listening" event.
*/
function onListening() {
var addr = server.address();
var bind = typeof addr === 'string'
? 'pipe ' + addr
: 'port ' + addr.port;
debug('Listening on ' + bind);
}
创建个客户端测试
Document