I would like request a certificate to the browser for authenticate members.
In nodejs we have something like http://nategood.com/nodejs-ssl-client-cert-auth-api-rest
I have read some articles about tls, but I don't really understand how use it...
1条回答
douxun7992 2014-06-12 11:07关注Here is a short example of how to require client certificate. The trick is to manually create and configure the
http.Serverinstead of using the utilitary routines.package main import ( "crypto/tls" "fmt" "net/http" ) func main() { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello cert") }) server := &http.Server{ Addr: ":8090", TLSConfig: &tls.Config{ ClientAuth: tls.RequireAndVerifyClientCert, }, } server.ListenAndServeTLS("cert.pem", "cert.key") }The important part is the
tls.Configstruct which control the way the server will behave with TLS. The field ClientAuth hold the client certificate policy, in our case Require a client certificate and verify it. Note that other policies are available…You should also have a look at the
ClientCAsfield of the same struct, that allow you to use a list of root CA the client must verify against.Note: I assume that you are also using a certificate server side to encrypt the communication. The
server.ListenAndServeTLSmethod still do a lot of the work for you as a side-effect. If you don't need it, you will have to dive into this method to do it manually (and use the even-lower-level methodserver.Serve).本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2014-06-12 09:36回答 1 已采纳 Here is a short example of how to require client certificate. The trick is to manually create and
- 2019-09-14 14:13回答 1 已采纳 检查其他电脑与CA服务器是否同在一个域。 或者证书模板选择“WEB服务器“,并重新提交申请。
- 2017-04-25 14:03回答 1 已采纳 The following procedure to convert the .pfx certificate to .pem solved the issue: openssl pkcs12
- 2020-06-24 04:06cuyi7076的博客 [编者注:本文介绍了如何为Domino 4.6和4.6.1设置SSL客户机认证。] 互联网上最新的行业流行词是SSL。 但是SSL真正需要提供什么?... 使用SSL 3.0验证客户端身份。 有关这些SSL概念的介绍,请参见H...
- 2015-01-16 20:46回答 1 已采纳 I did some duck duck going and found the rfc320 that provides the definitions of the asn.1 classes
- 2018-01-06 05:52回答 1 已采纳 Solved by using code example https://cloud.google.com/compute/docs/reference/latest/instances/ge
- 2018-11-03 08:50回答 1 已采纳 Yes, it is goroutine safe. auth.Client is intended to be shared among goroutines and reused. Spe
- 2019-06-27 17:04AllisWell_Wotrus的博客 您注册WoSign数字证书在线申请系统后就可以在线申请客户端数字证书了,包括:超快个人证书、超真个人证书和超真单位证书.或直接在我们给您的一个申请网址上申请. 申请界面如下图1所示,在线填写姓名、电子邮箱、单位...
- 2017-08-31 21:23回答 2 已采纳 不行,你需要有根证书,才能生成客户端子证书,wosign给你的只是对应的域名的证书。你需要找wosign再申请客户端的证书
- 回答 2 已采纳 那就是你没配置好吧添加443端口了吗
- 2016-06-06 15:17回答 2 已采纳 模型选择: 网络模型的选择需要衡量开发成本、项目的压力、业务需求等,按照你说的只有5个客户端,那么即使跑视频压力也不大,所以更多要考虑的是业务需求和开发成本。 看你的业务需求,5
- 2022-03-01 20:43tinychen777的博客 本文主要介绍如何使用给nginx服务添加客户端证书认证从而实现双向加密。 对于一般的https网站来说,实际上https所使用的证书是属于单向验证,即客户端单向验证服务器的安全性,而服务器端是没有对客户端的身份进行...
- 2016-05-05 19:02回答 1 已采纳 Is it possible to also verify the client certs against a provided CRL? Yes, it is possible, b
- 2010-03-12 15:50类似银行网站的客户端申请一个证书,用来标识自己的身份,与网站服务端证书匹配,可以将客户端证书放到usb-key里面,再也不需要花钱去买证书了,服务端证书可以安装在iis里,再也不需要微软操作系统安装证书服务了。...
- 2018-01-02 12:10soarheaven的博客 正规的做法是:到国际知名的证书颁发机构,如VeriSign申请一本服务器证书,比如支付宝的首页,点击小锁的图标,可以看到支付宝是通过VeriSign认证颁发的服务器证书: 我们用的操作系统(windows, lin
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场 部分对应不上
- ¥15 如何在scanpy上做差异基因和通路富集?
- ¥20 关于#硬件工程#的问题,请各位专家解答!
- ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
- ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
- ¥30 截图中的mathematics程序转换成matlab
- ¥15 动力学代码报错,维度不匹配
- ¥15 Power query添加列问题
- ¥50 Kubernetes&Fission&Eleasticsearch
- ¥15 報錯:Person is not mapped,如何解決?