最近使用electron開發客戶端,調用網絡的是後報(bào)Electron Security Warning,一(yī)想應該是本地測試環境用的是http而非https,之前chrome更新(xīn)的時(shí)候也(yě)強制https了(le),這(zhè)次索性使用https吧(ba)。
要讓開發環境使用https首先就(jiù)是要有一(yī)個(gè)簽名的證書,不多說(shuō)直接貼操作(zuò)過程。
1、首先編輯一(yī)個(gè)文件,命名成tynt.local.conf,你可以根據你自己需要命名,内容如(rú)下(xià)
[ req ]
default_bits = 2048
default_keyfile = local.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = ZJ #省份
localityName = Locality Name (eg, city)
localityName_default = Tong xiang #城市(shì)
organizationName = Organization Name (eg, company)
organizationName_default = TYNT #企業
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = tynt.local #最好(hǎo)(hǎo)和測試域名一(yī)緻
emailAddress = Email Address
emailAddress_default = cto@tynt.cn
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = *.tynt.local #這(zhè)裏開啓泛域名,以後任意如(rú) test.tynt.cn就(jiù)可以使用這(zhè)個(gè)證書,注意這(zhè)裏改成你自己的地址
IP.1 = 127.0.0.1
2、執行ssl命令生(shēng)成key和證書,命令如(rú)下(xià):
openssl req -config tynt.local.conf -new -sha256 -newkey rsa:2048 -nodes -keyout tynt.local.key -x509 -days 1825 -out tynt.local.pem
上(shàng)面注意 config 為(wèi)上(shàng)面文件的名字,同步更改,keyout是輸出的key的名字,out是證書的名字,這(zhè)2個(gè)要配置到nginx中的,回車後一(yī)路(lù)回車最後目錄下(xià)就(jiù)生(shēng)成了(le)一(yī)個(gè)key和一(yī)個(gè)pem文件。
3、配置nginx
server {
listen 443 ssl;
server_name demo.tynt.local;
ssl_certificate /Users/charles_li/project/system/cert/tynt.local.pem;
ssl_certificate_key /Users/charles_li/project/system/cert/tynt.local.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
3.浏覽器(qì)中直接訪問 https://demo.tynt.local
會出現(xiàn)如(rú)下(xià)截圖,注意打開chrome的調試,點擊Security,再點擊view certifcate,在彈出證書窗口将左側證書圖标拉到你的目錄中
然後雙擊目錄中的證書文件,系統會打開鑰匙串并且在鑰匙串中顯示該證書,在鑰匙串中雙擊該證書,打開如(rú)下(xià)圖所示,将信任改成始終信任,關(guān)閉鑰匙串重新(xīn)刷新(xīn)浏覽器(qì)就(jiù)生(shēng)效了(le)。
