RHEL8.9中anywhere报错error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small的解决办法.

本文写于2024年9月2日, 维护有效期两年.

先说解决方法, 进入anywhere的keys目录,即/usr/local/lib/node_modules/anywhere/keys后,备份后生成rsa:2048位的新证书.

 

最近学习vite+vue, 跟着这个文档做的https://segmentfault.com/a/1190000041324864

可是在进入dist输出目录后,运行amywhere命令出错: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

函数调用栈为

 

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

[root@fts24x dist]# anywhere node:internal/tls/secure-context:70     context.setCert(cert);             ^   Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small     at node:internal/tls/secure-context:70:13     at Array.forEach (<anonymous>)     at setCerts (node:internal/tls/secure-context:68:3)     at configSecureContext (node:internal/tls/secure-context:157:5)     at Object.createSecureContext (node:_tls_common:116:3)     at Server.setSecureContext (node:_tls_wrap:1439:27)     at Server (node:_tls_wrap:1303:8)     at new Server (node:https:75:3)     at Object.createServer (node:https:131:10)     at Object.<anonymous> (/usr/local/lib/node_modules/anywhere/bin/anywhere:169:7) {   library: 'SSL routines',   function: 'SSL_CTX_use_certificate',   reason: 'ee key too small',   code: 'ERR_SSL_EE_KEY_TOO_SMALL' }   Node.js v20.5.1

原因是1024位密钥被nodejs认为安全性不够.

测试环境下生成rsa:2048位的新证书的方法:

?

1	openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

好像只要填写Country Name:CN and common name:localhost这两个就够了.其他的在浏览器访问提示时接受风险.