2016. 9. 2. 14:53ㆍServer Programming
Building an HTTPS server with OpenSSL and Node.js for your own HTTPS testing
http://blog.saltfactory.net/node/implements-nodejs-based-https-server.html
The example above does not use OpenSSL for Windows, so I installed and ran the Windows build of OpenSSL by following this post:
http://zero-gravity.tistory.com/239
When I tried to generate the key, I got a message that the CNF file was missing!
So I searched the related Q&A on Stack Overflow and found that the OPENSSL_CONF path has to point to openssl.cfg.
OpenSSL and error in reading openssl.conf file
http://stackoverflow.com/questions/7360602/openssl-and-error-in-reading-openssl-conf-file
set OPENSSL_CONF=c:/{path to openSSL}/bin/openssl.cfg
take care of the right extension (openssl.cfg not cnf)!
I have installed OpenSSL from here: http://slproweb.com/products/Win32OpenSSL.html
So I fixed the OPENSSL_CONF setting, tried again, and it worked!
C:\OpenSSL-Win32\bin>set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
C:\OpenSSL-Win32\bin>openssl genrsa 1024 > key.pem
Generating RSA private key, 1024 bit long modulus
.......++++++
.........++++++
e is 65537 (0x010001)
C:\OpenSSL-Win32\bin>openssl req -new -x509 -key key.pem -out cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CARAMEL
Organizational Unit Name (eg, section) []:CARAMEL
Common Name (e.g. server FQDN or YOUR name) []:KumhoJeong
Email Address []:kumho.jeong@mindquake.co
C:\OpenSSL-Win32\bin>type cert.pem
------------------------------------------------------------------------------------------------------------------------
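After all the effort of getting the HTTPS server running, I tried to register a webhook for the Facebook Messenger API integration,
and was told it would not work because the certificate is not a publicly trusted one!
I quickly looked up how to get a free certificate and had one issued.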
https://blog.elpo.net/get-wosign-multidomain-certificate/
http://www.akadia.com/services/ssh_test_certificate.html
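Then start the HTTPS server using the key file and the crt file.
const fs = require('fs');
// `app` is the request handler (for example an Express app) created elsewhere.
require('https').createServer({
  key: fs.readFileSync('/path/to/something.key'),   // private key
  cert: fs.readFileSync('/path/to/something.crt'),  // certificate issued by the CA
}, app).listen(443);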