Nodejs使用TLS

1. 使用openssl生成服務器和客戶端證書

生成服務器證書，服務器使用自簽名證書（也就是本身扮演CA）

openssl genrsa -out server-key.pem 2048
openssl req -new -sha256 -key server-key.pem -out server-csr.pem    //在CN處填寫服務器主機名www.qikangwei.com
openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem

　　將服務器私鑰server-key.pem和CA根證書server-cert.pem複製到客戶端，而後生成客戶端證書

openssl genrsa -out client-key.pem 2048
openssl req -new -sha256 -key client-key.pem -out client-csr.pem    //在CN出填寫客戶端主機名
openssl x509 -req -CA server-cert.pem -CAkey server-key.pem -CAcreateserial -in client-csr.pem -out client-cert.pem

　　

2. 建立服務器和客戶端腳本

服務器：

var tls = require('tls');
var fs = require('fs');
var options = {
        key: fs.readFileSync('server-key.pem'),
        cert: fs.readFileSync('server-cert.pem'),
        ca: [ fs.readFileSync('server-cert.pem') ],
        requestCert: true,
        rejectUnauthorized: true
};
var server = tls.createServer(options, function(test) {
        console.log('server connected', test.authorized ? 'authorized' : 'unauthorized');
        test.write("welcome!\n");
        test.setEncoding('utf8');
        test.on('data', function(data) {
                console.log(data);
        });
        test.on('close', function() {
                console.log('client has closed');
                server.close();
        });
});
server.listen(2345, function() {
        console.log('server bound');
});

　　客戶端：

var tls = require('tls');
var fs = require('fs');
var options = {
        host: 'www.qikangwei.com',
        port: 2345,
        key: fs.readFileSync('client-key.pem'),
        cert: fs.readFileSync('client-cert.pem'),
        ca: [ fs.readFileSync('server-cert.pem') ],
        rejectUnauthorized: true
};
var client = tls.connect(options, function() {
        console.log('client connected', client.authorized ? 'authorized' : 'unauthorized');
        process.stdin.setEncoding('utf8');
        process.stdin.on('readable', function() {
                var chunk = process.stdin.read();
                if (chunk !== null) {
                        client.write(chunk);
                }
        });
 
});
client.setEncoding('utf8');
client.on('data', function(data) {
        console.log(data);
});
client.write("happy new year!");

　　

3. 測試

服務器：

node tls-server.js

客戶端：

node tls-client.js

腳本啓動後，在客戶端輸入內容，服務器端會顯示一樣的內容