| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 |
Tags
- Nodejs
- openssl
- css
- Android
- Xcode
- SSL
- SSH
- 애플
- 안드로이드
- SWIFT
- OTP
- otpkey
- FIDO2
- git
- fido
- albumbook
- MYSQL
- apple
- 앱리소스
- MSYS2
- 앨범북
- OSX
- MFA
- 앱스토어
- 2FA
- WebAuthn
- kmip
- SwiftUI
- appres
- 인증
Archives
- Today
- Total
인디노트
Node.js TLS plain TLS sockets 본문
Node.js plain TLS Client & Server, 2-way Cert Auth
Node.js TLS plain TLS sockets
This guide shows how to set up a bidirectional client/server authentication for plain TLS sockets.
Prepare certificates
Generate a Certificate Authority:
openssl req -new -x509 -days 9999 -keyout ca-key.pem -out ca-crt.pem- Insert a CA Password
- Specify a CA Common Name, like 'root.localhost' or 'ca.localhost'. This MUST be different from both server and client CN.
Server certificate
Generate Server Key:
openssl genrsa -out server-key.pem 4096Generate Server certificate signing request:
openssl req -new -key server-key.pem -out server-csr.pem- Specify server Common Name, like 'localhost' or 'server.localhost'. The client will verify this, so make sure you have a vaild DNS name for this.
- For this example, do not insert the challenge password.
Sign certificate using the CA:
openssl x509 -req -days 9999 -in server-csr.pem -CA ca-crt.pem -CAkey ca-key.pem -CAcreateserial -out server-crt.pem- insert CA Password
Verify server certificate:
openssl verify -CAfile ca-crt.pem server-crt.pemClient certificate
Generate Client Key:
openssl genrsa -out client1-key.pem 4096Generate Client certificate signing request:
openssl req -new -key client1-key.pem -out client1-csr.pem- Specify client Common Name, like 'client.localhost'. Server should not verify this, since it should not do reverse-dns lookup.
- For this example, do not insert the challenge password.
Sign certificate using the CA:
openssl x509 -req -days 9999 -in client1-csr.pem -CA ca-crt.pem -CAkey ca-key.pem -CAcreateserial -out client1-crt.pem- insert CA Password
Verify client certificate:
openssl verify -CAfile ca-crt.pem client1-crt.pemServer code
const tls = require('tls');
const fs = require('fs');
const options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-crt.pem'),
ca: fs.readFileSync('ca-crt.pem'),
requestCert: true,
rejectUnauthorized: true
};
const server = tls.createServer(options, (socket) => {
console.log('server connected',
socket.authorized ? 'authorized' : 'unauthorized');
socket.on('error', (error) => {
console.log(error);
});
socket.write('welcome!\n');
socket.setEncoding('utf8');
socket.pipe(process.stdout);
socket.pipe(socket);
});
server.listen(8000, () => {
console.log('server bound');
});Client code
const tls = require('tls');
const fs = require('fs');
const options = {
ca: fs.readFileSync('ca-crt.pem'),
key: fs.readFileSync('client1-key.pem'),
cert: fs.readFileSync('client1-crt.pem'),
host: 'server.localhost',
port: 8000,
rejectUnauthorized:true,
requestCert:true
};
const socket = tls.connect(options, () => {
console.log('client connected',
socket.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(socket);
process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
console.log(data);
});
socket.on('error', (error) => {
console.log(error);
});
socket.on('end', (data) => {
console.log('Socket end event');
});반응형
'개발 플랫폼 및 언어 > 노드 Node & NPM' 카테고리의 다른 글
| SSH2 client and server modules written in pure JavaScript for node.js (0) | 2020.12.21 |
|---|---|
| Node.js와 외부 프로그램(Java, C, C++) 연결 (bridge) (0) | 2018.11.15 |
| Node.js: Simple TCP Server & Client and Promisify the Client (0) | 2018.11.10 |
| Centos 7.x Node.js 최신버전 설치 (0) | 2018.11.05 |
| [Node.js] express-session (0) | 2018.11.02 |
Comments