javascript - 如何在 HTTPS 配置的 Express 服务器上避免 "Site not secure"

Question

我正在创建一个 Express 应用程序，我想在其中使用 HTTPS。我在 StartSSL.com 创建了一个证书，并将其导入到我的服务器中，现在可以正确建立到服务器的连接。

但是有一些问题:

为什么会发生这种情况？我是否必须以某种方式添加中间证书？该证书应该已经签名，但我可能是错的。这是我在index.js中的配置部分:

var bodyParser = require('body-parser');
app.use(bodyParser.json()); // support json encoded bodies
app.use(force_https);
app.use(bodyParser.urlencoded({ extended: true })); // support encoded bodies

app.use(helmet());
app.disable('x-powered-by');
app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
  });

// Setup HTTPS
const httpsPort = 3443;
const options = {
  key: fs.readFileSync("./key.pem", "utf8"),
  cert: fs.readFileSync("./cert.pem", "utf8")
};

var secureServer = https.createServer(options, app).listen(httpsPort, () => {
    console.log(">> CentraliZr listening at port "+httpsPort);
});

我的证书包含以下内容(共享它没有问题；这只是一个测试应用程序):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3084 (0xc0c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Seattle, O=getaCert - www.getacert.com
        Validity
            Not Before: Oct 23 16:54:10 2017 GMT
            Not After : Dec 22 16:54:10 2017 GMT
        Subject: C=ES, ST=Madrid, L=Madrid, O=centralizr, OU=devops, CN=centralizr.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:98:23:37:c0:18:77:4d:a1:22:b4:97:08:bb:c8:
                    11:06:03:ab:40:f3:da:ed:ff:e4:bc:5c:e9:60:86:
                    3f:ff:b3:49:93:b1:af:8c:cd:90:ae:96:24:d2:13:
                    f3:cd:d0:90:c3:34:9b:d9:72:4c:f7:95:48:27:c6:
                    0b:33:15:a0:a9:4f:14:03:e2:02:ac:67:b1:10:b6:
                    78:45:c1:75:bb:50:18:8f:40:58:0e:a1:d9:a1:89:
                    ec:1f:80:31:1f:dc:30:53:6a:97:1b:6e:99:0d:13:
                    8c:de:c2:32:1b:7e:06:43:e3:d3:34:77:62:85:fe:
                    2b:2f:87:a3:0d:85:92:75:97:95:10:49:6b:ee:77:
                    03:56:a7:a9:fd:d6:77:d9:da:10:6d:fa:77:34:99:
                    0f:ee:17:27:3c:9c:bc:08:94:9b:a1:c9:fa:81:a9:
                    d8:94:05:d1:69:40:08:28:e4:42:b1:be:21:2e:dc:
                    21:16:e3:4a:25:55:da:f6:7b:5f:2c:32:0e:af:88:
                    cb:da:cc:e5:c0:cf:80:1b:33:91:27:aa:bf:ab:ef:
                    bd:a8:77:f8:6e:46:1a:cb:e3:38:d9:a9:3f:3d:9b:
                    36:b5:8e:fd:b3:01:90:18:c5:b1:b0:09:c3:39:5b:
                    60:e8:9f:cc:26:9b:e2:3b:5c:7c:41:50:2f:0e:fe:
                    eb:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Cert Type: 
                SSL Client, SSL Server, S/MIME, Object Signing
            X509v3 Key Usage: 
                Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption
         76:67:0f:a8:e0:eb:46:ef:dc:b2:76:c8:f4:7d:55:0a:dd:62:
         02:6a:54:f4:ab:de:49:89:31:1e:26:2b:b5:61:04:7c:31:80:
         c2:92:6e:ae:b7:97:86:cf:5b:7e:23:c4:ba:46:f1:57:6e:ea:
         c6:70:06:e9:79:f8:03:5c:fc:ac:8c:f3:02:22:b6:71:1a:ac:
         22:87:b1:26:c8:d3:6d:09:d2:22:6a:d1:b2:d0:17:94:6b:36:
         ce:99:84:7f:7d:26:09:bd:82:69:b1:59:a0:34:cc:5b:fb:19:
         e8:40:03:21:6a:fd:40:74:2b:a6:08:ef:c8:3c:86:31:fb:1e:
         ac:a5:09:7f:f5:7f:68:bd:4c:28:89:c0:35:24:d6:73:0e:f7:
         68:aa:b3:40:3c:49:22:40:54:ee:8b:eb:a3:39:ef:31:e8:72:
         fa:33:93:fd:45:a8:11:d6:c0:11:73:ac:8e:2c:c0:7e:17:0a:
         25:46:05:e4:ae:bc:6d:a5:16:df:fb:ee:8c:cb:7f:d2:82:14:
         22:23:d4:67:92:ad:ce:ca:77:36:52:ea:86:fb:8b:db:ef:b2:
         bb:da:4f:66:d9:45:af:45:0a:15:5d:f6:32:2d:d3:3c:73:21:
         bc:aa:f0:c8:16:3e:62:43:4a:61:e7:db:24:86:e3:79:13:5e:
         62:63:22:30
-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgICDAwwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxJDAiBgNVBAoT
G2dldGFDZXJ0IC0gd3d3LmdldGFjZXJ0LmNvbTAeFw0xNzEwMjMxNjU0MTBaFw0x
NzEyMjIxNjU0MTBaMG4xCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzAN
BgNVBAcTBk1hZHJpZDETMBEGA1UEChMKY2VudHJhbGl6cjEPMA0GA1UECxMGZGV2
b3BzMRcwFQYDVQQDEw5jZW50cmFsaXpyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJgjN8AYd02hIrSXCLvIEQYDq0Dz2u3/5Lxc6WCGP/+zSZOx
r4zNkK6WJNIT883QkMM0m9lyTPeVSCfGCzMVoKlPFAPiAqxnsRC2eEXBdbtQGI9A
WA6h2aGJ7B+AMR/cMFNqlxtumQ0TjN7CMht+BkPj0zR3YoX+Ky+How2FknWXlRBJ
a+53A1anqf3Wd9naEG36dzSZD+4XJzycvAiUm6HJ+oGp2JQF0WlACCjkQrG+IS7c
IRbjSiVV2vZ7XywyDq+Iy9rM5cDPgBszkSeqv6vvvah3+G5GGsvjONmpPz2bNrWO
/bMBkBjFsbAJwzlbYOifzCab4jtcfEFQLw7+618CAwEAAaMtMCswCQYDVR0TBAIw
ADARBglghkgBhvhCAQEEBAMCBPAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBCwUA
A4IBAQB2Zw+o4OtG79yydsj0fVUK3WICalT0q95JiTEeJiu1YQR8MYDCkm6ut5eG
z1t+I8S6RvFXburGcAbpefgDXPysjPMCIrZxGqwih7EmyNNtCdIiatGy0BeUazbO
mYR/fSYJvYJpsVmgNMxb+xnoQAMhav1AdCumCO/IPIYx+x6spQl/9X9ovUwoicA1
JNZzDvdoqrNAPEkiQFTui+ujOe8x6HL6M5P9RagR1sARc6yOLMB+FwolRgXkrrxt
pRbf++6My3/SghQiI9Rnkq3Oync2UuqG+4vb77K72k9m2UWvRQoVXfYyLdM8cyG8
qvDIFj5iQ0ph59skhuN5E15iYyIw
-----END CERTIFICATE-----

那么，有两个问题:

1. 为什么会出现此错误？
2. 我向那里发送的信息至少是加密的吗？

谢谢!

编辑:这是我的导航器抛出的错误:

NET::ERR_CERT_AUTHORITY_INVALID

Answer 1

1. 证书的主题必须与您正在访问的域匹配。该证书似乎对 localhost 无效。事实上，适当的 CA 实际上不可能向您颁发 localhost 证书，因为他们不可能验证该域。
2. Chrome 和许多其他浏览器，stopped accepting StartCom certificates有效。

获取localhost有效证书的唯一方法是创建一个自签名根证书，将其安装在所有相关的本地信任存储中，并使用该来签署自行创建的证书。