我正在尝试通过 Nodejs 连接到 NATS 服务器,但遇到了证书问题。
NATS 服务器位于公司 VPN 后面。不确定这是否是问题所在。经过 VPN 身份验证后,我可以连接到服务器本身,但我的代码却不能。
这是我在连接时尝试的最少代码:
const creds = `-----BEGIN NATS USER JWT-----
eyJ0eXAiOiJqdSDJB....
------END NATS USER JWT------
-----BEGIN USER NKEY SEED-----
SUAIBDPBAUTW....
------END USER NKEY SEED------
`;
async connectToNats(){
let connection;
try{
connection = await connect({
servers:[`nats://stage-nats1.company.net:4222`],
debug: true,
authenticator: credsAuthenticator(new TextEncoder().encode(creds)),
});
connection.subscribe('topicImInterestedIn')
}catch(e)
console.log(e)
}
错误:
Error [ERR_TLS_CERT_ALTNAME_INVALID] hostname/IP does not match certificate's altnames: Host: localhost. is not the cert's altnames: DNS:*.companyName.net, DNS:companyName.net
reason: "Host: localhost. is not in the cert's altnames: DNS:*.companyName.net, DNS:companyName.net
当我已经指定服务器时,我很困惑为什么这会尝试连接到本地主机。
答案是我需要两个凭据,即
NATS user jwt
和 nKey
,并设置 tlsOptions
,并将 cert.pem
和 cert.key
文件添加到连接中。
//Should really be read from file
const creds = `-----BEGIN NATS USER JWT-----
eyJ0eXAiOiJqdSDJB....
------END NATS USER JWT------
-----BEGIN USER NKEY SEED-----
SUAIBDPBAUTW....
------END USER NKEY SEED------
`;
const tlsOptions = {
key: fs.readFileSync("key.pem"),
cert: fs.readFileSync("cert.pem")
};
const nc = await connect({
servers: ["nats://localhost:4222"],
tls: tlsOptions,
authenticator: credsAuthenticator(new TextEncoder().encode(creds)),
});