本文寫於2024年9月2日, 維護有效期兩年.
先說解決方法, 進入anywhere的keys目錄,即/usr/local/lib/node_modules/anywhere/keys後,備份後生成rsa:2048位的新證書.
最近學習vite+vue, 跟著這個文件做的https://segmentfault.com/a/1190000041324864
可是在進入dist輸出目錄後,執行amywhere命令出錯: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
函式呼叫棧為
[root@fts24x dist]# anywhere
node:internal/tls/secure-context:70
context.setCert(cert);
^
Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
at node:internal/tls/secure-context:70:13
at Array.forEach (<anonymous>)
at setCerts (node:internal/tls/secure-context:68:3)
at configSecureContext (node:internal/tls/secure-context:157:5)
at Object.createSecureContext (node:_tls_common:116:3)
at Server.setSecureContext (node:_tls_wrap:1439:27)
at Server (node:_tls_wrap:1303:8)
at new Server (node:https:75:3)
at Object.createServer (node:https:131:10)
at Object.<anonymous> (/usr/local/lib/node_modules/anywhere/bin/anywhere:169:7) {
library: 'SSL routines',
function: 'SSL_CTX_use_certificate',
reason: 'ee key too small',
code: 'ERR_SSL_EE_KEY_TOO_SMALL'
}
Node.js v20.5.1
原因是1024位金鑰被nodejs認為安全性不夠.
測試環境下生成rsa:2048位的新證書的方法:
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
好像只要填寫Country Name:CN and common name:localhost這兩個就夠了.其他的在瀏覽器訪問提示時接受風險.