Requesting a client certificate for authentication


I would like to request a certificate from the browser to authenticate members.

In nodejs we have something like http://nategood.com/nodejs-ssl-client-cert-auth-api-rest

I have read some articles about tls, but I don't really understand how to use it...

ssl

1 answer

Here is a short example of how to require a client certificate. The trick is to manually create and configure the http.Server instead of using the utility routines.

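package main

import (
    "crypto/tls"
    "fmt"
    "log"
    "net/http"
)

func main() {
    http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
        fmt.Fprintf(w, "Hello cert")
    })

    // Build the http.Server by hand so that its TLS configuration can be set.
    server := &http.Server{
        Addr: ":8090",
        TLSConfig: &tls.Config{
            // Abort the handshake unless the client presents a certificate that verifies.
            ClientAuth: tls.RequireAndVerifyClientCert,
        },
    }

    // cert.pem / cert.key are the server's own certificate and private key.
    // ListenAndServeTLS only returns on failure, so report the error it gives.
    log.Fatal(server.ListenAndServeTLS("cert.pem", "cert.key"))
}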

The important part is the tls.Config struct, which controls the way the server will behave with TLS. The ClientAuth field holds the client certificate policy, in our case: require a client certificate and verify it. Note that other policies are available…

You should also have a look at the ClientCAs field of the same struct, which allows you to use a list of root CAs the client must verify against.

Note: I assume that you are also using a certificate on the server side to encrypt the communication. The server.ListenAndServeTLS method still does a lot of the work for you as a side effect. If you don't need it, you will have to dive into this method to do it manually (and use the even lower-level method server.Serve).

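duanpo1821 You can do this, but it will be cumbersome, because it is handled internally by the standard package.
About 6 years ago
dongyong3554 You can use the openssl command-line tool to analyze the certificate. You can do this from Go, but if the client has a valid certificate, there is no need to.
About 6 years ago
duanjian7617 This is exactly what I wanted. And how do I access the certificate, to look at the fields myself?
About 6 years ago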