Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

what is the correct way to feed an ssl certificate into phantomjs

I need to access an internal site protected via client side certificates. Therefore to use phantomjs I exported the certificate I use in Firefox to access the site and converted it into private key and certificate using openssl command line. I now what phantomjs to present that certificate to the ssl server when accessing a page on the server. How do I do it?

I've tried this

phantomjs --ssl-certificates-path=/etc/pki  --ignore-ssl-errors=yes --proxy=myproxy:myport test.js

with /etc/pki being the path I've put the certificate and key

test.js is just this;-

page = require('webpage').create()
page.open('https://myprotectedsite/', function(status) {
console.log(status);
phantom.exit();
})

But it doesn't work. console.log(status) is always 'fail'

What do I need to do?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The feature it's implemented you can see on github project, the thing is that it's not already included in the actual stable release (2.0.0), however it's planned to be included on 2.0.1 release. Meanwhile you can download a 2.0.1 build from here (the link is from git discussion).

I try using 2.0.1 version and I can access to the site correctly passing the SSL client authorization with the follow command:

Finally new PhantomJS 2.1 version was released which includes this feature, you can download from here and test the SSL client authorization using the follow command:

phantomjs --ssl-client-certificate-file=C:mpclientcert.cer 
          --ssl-client-key-file=C:mpclientcert.key 
          --ssl-client-key-passphrase=1111 
          --ignore-ssl-errors=true 
          C:mpest.js

Notes

I only test this on Windows.

I try to use a PKCS12 file as keystore but seems that with this format doesn't work, so using openssl I extract the certificate and the private key using the follow commands:

Extract cert for --ssl-client-certificate-file parameter

openssl pkcs12 -nokeys -clcerts -in a.p12 -out clientcert.cer

Extract key for --ssl-client-key-file parameter

openssl pkcs12 -nocerts -in a.p12 -out clientcert.key

Additionally I use --ignore-ssl-errors=true to avoid the configuration of the trust store for the validation of the server certificate.

As script I use test.js which contains the same has OP show on the question:

page = require('webpage').create()
page.open('https://myproject', function(status) {
      page.render('C:/temp/connect.png');
      console.log(status);
      phantom.exit();
})

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...