如何避免HTTPSconfiguration的Express服务器上的“网站不安全”

我正在创build一个Express应用程序,我想使用HTTPS。 我在StartSSL.com上创build了一个证书,将它导入到我的服务器中,现在可以正确地build立连接到服务器。

但是有一些错误:

“不安全”

为什么会发生? 我必须以某种方式添加中间证书吗? 这个证书应该已经签了,我可能是错的。 这是我在index.js中的configuration部分: 

var bodyParser = require('body-parser'); app.use(bodyParser.json()); // support json encoded bodies app.use(force_https); app.use(bodyParser.urlencoded({ extended: true })); // support encoded bodies app.use(helmet()); app.disable('x-powered-by'); app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); next(); }); // Setup HTTPS const httpsPort = 3443; const options = { key: fs.readFileSync("./key.pem", "utf8"), cert: fs.readFileSync("./cert.pem", "utf8") }; var secureServer = https.createServer(options, app).listen(httpsPort, () => { console.log(">> CentraliZr listening at port "+httpsPort); });

我的证书有这个内容(没有问题分享,这只是一个testing应用程序): 

 Certificate: Data: Version: 3 (0x2) Serial Number: 3084 (0xc0c) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=getaCert - www.getacert.com Validity Not Before: Oct 23 16:54:10 2017 GMT Not After : Dec 22 16:54:10 2017 GMT Subject: C=ES, ST=Madrid, L=Madrid, O=centralizr, OU=devops, CN=centralizr.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:98:23:37:c0:18:77:4d:a1:22:b4:97:08:bb:c8: 11:06:03:ab:40:f3:da:ed:ff:e4:bc:5c:e9:60:86: 3f:ff:b3:49:93:b1:af:8c:cd:90:ae:96:24:d2:13: f3:cd:d0:90:c3:34:9b:d9:72:4c:f7:95:48:27:c6: 0b:33:15:a0:a9:4f:14:03:e2:02:ac:67:b1:10:b6: 78:45:c1:75:bb:50:18:8f:40:58:0e:a1:d9:a1:89: ec:1f:80:31:1f:dc:30:53:6a:97:1b:6e:99:0d:13: 8c:de:c2:32:1b:7e:06:43:e3:d3:34:77:62:85:fe: 2b:2f:87:a3:0d:85:92:75:97:95:10:49:6b:ee:77: 03:56:a7:a9:fd:d6:77:d9:da:10:6d:fa:77:34:99: 0f:ee:17:27:3c:9c:bc:08:94:9b:a1:c9:fa:81:a9: d8:94:05:d1:69:40:08:28:e4:42:b1:be:21:2e:dc: 21:16:e3:4a:25:55:da:f6:7b:5f:2c:32:0e:af:88: cb:da:cc:e5:c0:cf:80:1b:33:91:27:aa:bf:ab:ef: bd:a8:77:f8:6e:46:1a:cb:e3:38:d9:a9:3f:3d:9b: 36:b5:8e:fd:b3:01:90:18:c5:b1:b0:09:c3:39:5b: 60:e8:9f:cc:26:9b:e2:3b:5c:7c:41:50:2f:0e:fe: eb:5f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Client, SSL Server, S/MIME, Object Signing X509v3 Key Usage: Key Encipherment Signature Algorithm: sha256WithRSAEncryption 76:67:0f:a8:e0:eb:46:ef:dc:b2:76:c8:f4:7d:55:0a:dd:62: 02:6a:54:f4:ab:de:49:89:31:1e:26:2b:b5:61:04:7c:31:80: c2:92:6e:ae:b7:97:86:cf:5b:7e:23:c4:ba:46:f1:57:6e:ea: c6:70:06:e9:79:f8:03:5c:fc:ac:8c:f3:02:22:b6:71:1a:ac: 22:87:b1:26:c8:d3:6d:09:d2:22:6a:d1:b2:d0:17:94:6b:36: ce:99:84:7f:7d:26:09:bd:82:69:b1:59:a0:34:cc:5b:fb:19: e8:40:03:21:6a:fd:40:74:2b:a6:08:ef:c8:3c:86:31:fb:1e: ac:a5:09:7f:f5:7f:68:bd:4c:28:89:c0:35:24:d6:73:0e:f7: 68:aa:b3:40:3c:49:22:40:54:ee:8b:eb:a3:39:ef:31:e8:72: fa:33:93:fd:45:a8:11:d6:c0:11:73:ac:8e:2c:c0:7e:17:0a: 25:46:05:e4:ae:bc:6d:a5:16:df:fb:ee:8c:cb:7f:d2:82:14: 22:23:d4:67:92:ad:ce:ca:77:36:52:ea:86:fb:8b:db:ef:b2: bb:da:4f:66:d9:45:af:45:0a:15:5d:f6:32:2d:d3:3c:73:21: bc:aa:f0:c8:16:3e:62:43:4a:61:e7:db:24:86:e3:79:13:5e: 62:63:22:30 -----BEGIN CERTIFICATE----- MIIDcTCCAlmgAwIBAgICDAwwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMx EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxJDAiBgNVBAoT G2dldGFDZXJ0IC0gd3d3LmdldGFjZXJ0LmNvbTAeFw0xNzEwMjMxNjU0MTBaFw0x NzEyMjIxNjU0MTBaMG4xCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzAN BgNVBAcTBk1hZHJpZDETMBEGA1UEChMKY2VudHJhbGl6cjEPMA0GA1UECxMGZGV2 b3BzMRcwFQYDVQQDEw5jZW50cmFsaXpyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAJgjN8AYd02hIrSXCLvIEQYDq0Dz2u3/5Lxc6WCGP/+zSZOx r4zNkK6WJNIT883QkMM0m9lyTPeVSCfGCzMVoKlPFAPiAqxnsRC2eEXBdbtQGI9A WA6h2aGJ7B+AMR/cMFNqlxtumQ0TjN7CMht+BkPj0zR3YoX+Ky+How2FknWXlRBJ a+53A1anqf3Wd9naEG36dzSZD+4XJzycvAiUm6HJ+oGp2JQF0WlACCjkQrG+IS7c IRbjSiVV2vZ7XywyDq+Iy9rM5cDPgBszkSeqv6vvvah3+G5GGsvjONmpPz2bNrWO /bMBkBjFsbAJwzlbYOifzCab4jtcfEFQLw7+618CAwEAAaMtMCswCQYDVR0TBAIw ADARBglghkgBhvhCAQEEBAMCBPAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBCwUA A4IBAQB2Zw+o4OtG79yydsj0fVUK3WICalT0q95JiTEeJiu1YQR8MYDCkm6ut5eG z1t+I8S6RvFXburGcAbpefgDXPysjPMCIrZxGqwih7EmyNNtCdIiatGy0BeUazbO mYR/fSYJvYJpsVmgNMxb+xnoQAMhav1AdCumCO/IPIYx+x6spQl/9X9ovUwoicA1 JNZzDvdoqrNAPEkiQFTui+ujOe8x6HL6M5P9RagR1sARc6yOLMB+FwolRgXkrrxt pRbf++6My3/SghQiI9Rnkq3Oync2UuqG+4vb77K72k9m2UWvRQoVXfYyLdM8cyG8 qvDIFj5iQ0ph59skhuN5E15iYyIw -----END CERTIFICATE-----

所以,有两个问题:

  1. 为什么会发生这种错误?
  2. 我发送的信息至less是encryption的吗?

谢谢!

编辑:这是我的导航器抛出的错误:

NET :: ERR_CERT_AUTHORITY_INVALID

  1. 证书的主题必须与您访问的域名相匹配。 该证书似乎不适用于localhost 。 事实上,合适的CA实际上不可能为您颁发localhost的证书,因为他们不可能validation该域。
  2. Chrome和其他许多浏览器都停止接受StartCom证书 。

获取localhost的有效证书的唯一方法是创build一个自签名的根证书,将其安装在所有相关的本地信任库中,并使用来签署一个自创的证书。

这是我如何使用HTTP2和SSL设置我的服务器,希望它有帮助! 

 const fs = require('fs'); const path = require('path'); const http = require('http'); const https = require('https'); const spdy = require('spdy') const express = require('express'); const privateKey = fs.readFileSync('certs/server.key', 'utf8'); const certificate = fs.readFileSync('certs/server.crt', 'utf8'); const credentials = {key: privateKey, cert: certificate}; const app = express(); app.use(express.static(path.join(__dirname, 'build'))); app.get('*', (req, res) => { res.sendFile(path.join(__dirname + '/build/index.html')); }); const httpServer = http.createServer(app); const httpsServer = spdy.createServer(credentials, app); httpServer.listen(80); httpsServer.listen(443); console.log('Server started over HTTP2 protocol.');
Interesting Posts

Express.js ERR_TOO_MANY_REDIRECTS错误

使用https与express io

NodeJS(快速)服务器定期重新启动

奇怪的GET请求

节点/方法覆盖在PUT上给出错误

为什么我不能从Expressjs / Nodejs获得我的JavaScript文件?

列出圈子时,Google+ Domains 403禁止

如何在茉莉花需要的时候把它expression出来?

Node.js将datestring转换为unix时间戳

如何在MongoDB地理空间中select查询中的字段?