当前位置：首页 > news >正文

mac制作ssl证书|生成自签名证书，nodejs+express在mac上搭建https+wss(websocket)服务器

news 2025/8/23 15:37:41

注意

mac 自带 openssl 所以没必要像 windows 一样先安装 openssl，直接生成即可

生成 ssl/自签名证书

生成 key

# 生成rsa私钥，des3算法，server_ssl.key是秘钥文件名 1024位强度
openssl genrsa -des3 -out server_ssl.key 1024

让输入两次密码，随便，但是两次得是一样的

移除密码

# 这里执行完上一步的密码即已经被移除了
openssl rsa -in server_ssl.key -out server_ssl.key

生成 csr

# -new 执行生成新的证书请求
# -key 指定密钥
openssl req -new -key server_ssl.key -out server_ssl.csr

Country Name (2 letter code) [国家]:CN
State or Province Name (full name) [省份]:Beijing
Locality Name (eg, city) [城市]:Beijing
Organization Name (eg, company) [组织/公司]:zgp
Organizational Unit Name (eg, section) [部门/单位]:zgp
Common Name (eg, fully qualified host name) [域名]:test.zgp.cn
Email Address [邮箱]:demo@outlook.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password [上一步已经移除，直接回车即可]:

生成证书

# x509 根据现有的证书请求生成自签名根证书
# -days 设置证书的有效天数
# -in 指定输入证书请求文件
openssl x509 -req -days 365 -in server_ssl.csr -signkey server_ssl.key -out server_ssl.crt

执行过程截图

在这里插入图片描述

创建 nodejs 的 https/wss 服务

创建 express 项目就不多说了，自行查看：nodejs+express自动生成项目
express 文档地址https://www.expressjs.com.cn/starter/generator.html

修改的 bin/www 文件

#!/usr/bin/env node/*** Module dependencies.*/var app = require('../app');
var debug = require('debug')('express-io:server');
const fs = require('fs');
const path = require('path');
// var http = require('http');
var https = require('https');
// 引入 socket.io
const { Server } = require('socket.io')
/*** Get port from environment and store in Express.*/var port = normalizePort(process.env.PORT || '3001');
app.set('port', port);/*** Create HTTPS server.* 加上 ssl 证书*/
const httpsOption = {key: fs.readFileSync(path.resolve(__dirname, "../certificate/server_ssl.key")),cert: fs.readFileSync(path.resolve(__dirname, "../certificate/server_ssl.crt"))
}
var server = https.createServer(httpsOption, app);
// 创建 websocket 服务器代码
const io = new Server(server, {cors: {origin: "*"}});// 客户端连接成功会输出连接 id 以及 客户端传惨 queryio.on('connection', (socket)=>{console.log(socket.id)console.log(socket.handshake.query)})
/*** Listen on provided port, on all network interfaces.*/server.listen(port, () => {console.log(`server listening on port: ${port}`)
});
server.on('error', onError);
server.on('listening', onListening);/*** Normalize a port into a number, string, or false.*/function normalizePort(val) {var port = parseInt(val, 10);if (isNaN(port)) {// named pipereturn val;}if (port >= 0) {// port numberreturn port;}return false;
}/*** Event listener for HTTP server "error" event.*/function onError(error) {if (error.syscall !== 'listen') {throw error;}var bind = typeof port === 'string'? 'Pipe ' + port: 'Port ' + port;// handle specific listen errors with friendly messagesswitch (error.code) {case 'EACCES':console.error(bind + ' requires elevated privileges');process.exit(1);break;case 'EADDRINUSE':console.error(bind + ' is already in use');process.exit(1);break;default:throw error;}
}/*** Event listener for HTTP server "listening" event.*/function onListening() {var addr = server.address();var bind = typeof addr === 'string'? 'pipe ' + addr: 'port ' + addr.port;debug('Listening on ' + bind);
}

创建个客户端测试

<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><script src="https://cdn.socket.io/4.4.1/socket.io.min.js" integrity="sha384-fKnu0iswBIqkjxrhQCTZ7qlLHOFEgNkRmK2vaO/LbTZSXdJfAu6ewRBdwHPhBo/H" crossorigin="anonymous"></script><title>Document</title>
</head>
<body><script>(()=>{const socket = io('wss://localhost:3001', {autoConnect: false,query: {openid: 'sajfklsadjflkdsa'}})socket.connect()socket.on("connect", ()=>{console.log(socket.id)})socket.io.on('close', ()=>{console.log('close');})})()</script>
</body>
</html>