sha*_*har 4 ssl node.js express
i have my paypal ssl certificate for the paypal ipn added for my code like that and it working without any problems
var httpsOptions = {
key: fs.readFileSync('./app/certsandkeys/my-prvkey.pem'),
cert: fs.readFileSync('./app/certsandkeys/my-pubcert.pem'),
requestCert: true
//pfx: fs.readFileSync('./app/certsandkeys/ssl/crt.pfx'),
//passphrase:"password"
}
https.createServer(httpsOptions, app).listen(443,function (req,res) {
console.log("server listening on port " + 443);
});
but what i need now is to certificating my whole site so i created an ssl cert and key using openssl (server.crt and server.csr and server.key ) but now i don't know how to add it beside the paypal ipn cert and key on httpsOptions
the only thing i found about something like that is this code from github issues
var options = {
key: [key1, key2],
cert: [cert1, cert2],
ca: caCert
};
var server = https.createServer(options);
so what's the right way for doing that ?
在同一台服务器上使用不同的密钥由服务器名称指示 (SNI) 处理,并且不同的服务器需要不同的域名。此问题说明如何使用 SNI 为第二个域名创建不同的安全上下文。
在默认上下文中更改键的代码应该如下所示:
const secondContext = tls.createSecureContext({
key: [key2],
cert: [cert2]
});
const options = {
key: [key1],
cert: [cert1],
SNICallback: function (domain, cb) {
if (domain === 'key2domain.example.com') {
cb(null, secondContext);
} else {
cb();
}
}
}
从您提到的贝宝文档中不清楚贝宝是否让您为此 IPN 服务 URL 设置备用域。相反,看起来他们的流程接受 CSR 来处理仅用于 IPN 的自签名证书,并提供付费签名以将其用于用户可见的按钮,即他们提供自己的 CA 服务?
您可以在同一个密钥上提交多个 CSR,因此您可以尝试依赖单个私钥并保留来自普通 CA 的证书链。但是,如果他们强制使用自己的证书链,那么您可能需要为此用途创建一个单独的(子)域,以便为不同的链提供 SNI。
| 归档时间: |
|
| 查看次数: |
1661 次 |
| 最近记录: |