openssl req \
-newkey rsa:4096 \
-x509 \
-nodes \
-keyout localhost.key \
-new \
-out localhost.crt \
-subj /CN=localhost \
-reqexts SAN \
-extensions SAN \
-config <(cat /System/Library/OpenSSL/openssl.cnf \
<(printf '[SAN]\nsubjectAltName=DNS:localhost')) \
-sha256 \
-days 3650/CN=localhost 和 DNS:localhost 中的 localhost 改成你自己的域名
openssl pkcs12 -export -clcerts -in ${cert} -inkey ${key} -out ${output}.p12
openssl pkcs12 -export -clcerts -in localhost-cert.pem -inkey localhost-privkey.pem -out localhost.p12localhost.p12 导入到 mac认证, 并允许许可。
const http2 = require("http2");
const fs = require("fs");
const server = http2.createSecureServer({
key: fs.readFileSync("localhost-privkey.pem"),
cert: fs.readFileSync("localhost-cert.pem"),
});
server.on("error", (err) => console.error(err));
server.on("stream", (stream, headers) => {
// stream is a Duplex
stream.respond({
"content-type": "text/html; charset=utf-8",
":status": 200,
});
stream.end("<h1>Hello World</h1>");
});
server.listen(8443);