https: 几种证书的生成方式 openssl/mkcert/certbot

几种自己用过的证书生成方式对比

常用到的

• openssl
• mkcert
• certbot
• acme.sh

openssl

使用 openssl 创建 privatekey.pem、certificate.pem 文件

1. 生成私钥 (private key) 文件 privatekey.pem
2. 生成自签名证书 (self-signed certificate) 文件 certificate.pem，并使用上面生成的私钥

openssl genpkey -algorithm RSA -out privatekey.pem
openssl req -new -key privatekey.pem -x509 -out certificate.pem

mkcert

在电脑上没有红色，但在手机上还是会出现组织的情况。

mkcert localhost 192.168.1.112

// HTTPS 选项
const options = {
  key: fs.readFileSync('./ssl/mkcert/localhost+1-key.pem'),
  cert: fs.readFileSync('./ssl/mkcert/localhost+1.pem')
};

示例

使用 express ，打开 https://localhost:8080/

const express = require('express');
const https = require('https');
const fs = require('fs');

const app = express();
const port = 8080; // HTTPS 默认端口

// HTTPS 选项
const options = {
  key: fs.readFileSync('./ssl/privatekey.pem'),
  cert: fs.readFileSync('./ssl/certificate.pem')
};

// 创建 HTTPS 服务器
const server = https.createServer(options, app);

app.get('/', (req, res) => {
  res.send('Hello, HTTPS World!');
});

server.listen(port, () => {
  console.log(`HTTPS server is running on port ${port}`);
});

参考

• https://serverfault.com/questions/224122/what-is-crt-and-key-files-and-how-to-generate-them
• https://gist.github.com/williamdes/a8f15c7acaa71cd4437c4a903784f0e1
• https://gist.github.com/Dreamacro/482a6b89bd4754332e563e37b2446110
• https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker