HTTPS 证书生成与配置

创建 key

openssl req \
    -newkey rsa:4096 \
    -x509 \
    -nodes \
    -keyout localhost.key \
    -new \
    -out localhost.crt \
    -subj /CN=localhost \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat /System/Library/OpenSSL/openssl.cnf \
        <(printf '[SAN]\nsubjectAltName=DNS:localhost')) \
    -sha256 \
    -days 3650

/CN=localhost 和 DNS:localhost 中的 localhost 改成你自己的域名

创建 P12

openssl pkcs12 -export -clcerts -in ${cert} -inkey ${key} -out ${output}.p12
openssl pkcs12 -export -clcerts -in localhost-cert.pem -inkey localhost-privkey.pem -out localhost.p12

localhost.p12 导入到 mac认证, 并允许许可。

Node.js HTTP/2 服务器

const http2 = require("http2");
const fs = require("fs");

const server = http2.createSecureServer({
  key: fs.readFileSync("localhost-privkey.pem"),
  cert: fs.readFileSync("localhost-cert.pem"),
});
server.on("error", (err) => console.error(err));

server.on("stream", (stream, headers) => {
  // stream is a Duplex
  stream.respond({
    "content-type": "text/html; charset=utf-8",
    ":status": 200,
  });
  stream.end("<h1>Hello World</h1>");
});

server.listen(8443);