The pseudo-command req has roughly three functions: generating a certificate request file, verifying the certificate request file and creating a root CA. Since the openssl req command has many options, I will give a few examples first, and then focus on the options of openssl req.
First explain what is needed to generate a certificate request: the applicant needs to put his or her information and his public key into the certificate request. But in actual operation, you need to provide the private key instead of the public key, because it will automatically extract the public key from the private key. In addition, the provided data needs to be digitally signed (using one-way encryption) to ensure the integrity and consistency of the certificate request file and prevent others from stealing and tampering with it, such as a hacker applying for www.baidu.com The company name in the certificate request file is changed to the other party's company name. If the tampering can be successful, when the certificate request is signed, the issued certificate information will become other people's information.
So the first step is to create the private key pri_key.pem. In fact, the private key file is not necessary, because openssl req will automatically create it in a specific path when it is needed. It is created here for the purpose of illustration.
[root@xuexi tmp]# openssl genrsa -out pri_key.pem
(1). Generate a new certificate request file based on the private key pri_key.pem. Among them, "-new" means to generate a new certificate request file, "-key" specifies the private key file, and "-out" specifies the output file. The output file here is the certificate request file.
[root@xuexi tmp]# openssl req -new -key pri_key.pem -out req1.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:FJ Locality Name (eg, city) [Default City]:XM Organization Name (eg, company) [Default Company Ltd]:. Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:www.youwant.comEmail Address []: Please enter the following 'extra' attributes # 下面两项几乎不用考虑,留空即可 to be sent with your certificate request A challenge password []:. An optional company name []:.
After pressing the Enter key, it will enter the interactive mode by default allowing you to provide your personal information. It should be noted that if someone If you do not want to fill in some information, you can choose to use the default value, or you can choose to leave it blank. If you press Enter directly, you will choose to use the default value. Entering "." will indicate that the information item is left blank. However, some items are required, otherwise future certificate signing will fail. For example, "Common Name" indicates which domain name, subdomain name or host to apply for a certificate for. After future certificate requests are signed, they can only be applied to the address specified by "Common Name". The specific required fields also need to be defined in the configuration file used (the default configuration file is /etc/pki/tls/openssl.cnf). We will not discuss the configuration-related content here, only provide the Common Name.
In addition to the "-new" option, the "-newkey" option can also be used to create a certificate request file. We will not give examples of the usage of "-newkey" here. There will be examples later.
(2). View the contents of the certificate request file.
A new certificate request file req1.csr has now been generated. Check the contents of the certificate request file.
[root@xuexi tmp]# cat req1.csr-----BEGIN CERTIFICATE REQUEST----- # 证书请求的内容 MIIBgDCB6gIBADBBMQswCQYDVQQGEwJDTjELMAkGA1UECAwCRkoxCzAJBgNVBAcM AlhNMRgwFgYDVQQDDA93d3cueW91d2FudC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBAMbx9bfsC0GTn7DijfGFs56Fb8atX9ABRDE/wmE74jXjdfbH4ZOg Te0Orlu5pA4jqXDgSLzlQvjD6QsyhToyvtyQbgGSfXSVOPcgfAohDNo9t6+mnvs/5rFQJ1+uI6gsLMbwQBJidLGnM1pOvFo2671Vm2jewDLVweGP5wmIfDyLAgMBAAGg ADANBgkqhkiG9w0BAQUFAAOBgQAqKYjNKKpNCvwDNeDeYynOx1XD/OYgAU43Sq03 aRUcKenqICkvkXkUE+H0lYMtXcDL/rgDyjlKvwartgZ/ngoKSwtXhd4UivII2hNN jolE3gfe8KGjMpnX/8oxkJIoSTETqee+11ez8E2fya1DwoQnKpXjTt5qya8VWflt DG8WmA== -----END CERTIFICATE REQUEST-----
For more specific information, you can use the openssl req command to view. The command is as follows, where the "-in" option specifies the certificate request file.
[root@xuexi tmp]# openssl req -in req1.csr-----BEGIN CERTIFICATE REQUEST----- # 证书请求的内容 MIIBgDCB6gIBADBBMQswCQYDVQQGEwJDTjELMAkGA1UECAwCRkoxCzAJBgNVBAcM AlhNMRgwFgYDVQQDDA93d3cueW91d2FudC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBAMbx9bfsC0GTn7DijfGFs56Fb8atX9ABRDE/wmE74jXjdfbH4ZOg Te0Orlu5pA4jqXDgSLzlQvjD6QsyhToyvtyQbgGSfXSVOPcgfAohDNo9t6+mnvs/5rFQJ1+uI6gsLMbwQBJidLGnM1pOvFo2671Vm2jewDLVweGP5wmIfDyLAgMBAAGg ADANBgkqhkiG9w0BAQUFAAOBgQAqKYjNKKpNCvwDNeDeYynOx1XD/OYgAU43Sq03 aRUcKenqICkvkXkUE+H0lYMtXcDL/rgDyjlKvwartgZ/ngoKSwtXhd4UivII2hNN jolE3gfe8KGjMpnX/8oxkJIoSTETqee+11ez8E2fya1DwoQnKpXjTt5qya8VWflt DG8WmA== -----END CERTIFICATE REQUEST-----
When viewing the request file, you can combine several other options to output specific content. The "-text" option means to output the contents of the certificate request file in text format.
[root@xuexi tmp]# openssl req -in req1.csr -text Certificate Request: # 此为证书请求文件头 Data: Version: 0 (0x0)Subject: C=CN, ST=FJ, L=XM, CN=www.youwant.com # 此为提供的个人信息,注意左侧标头为"Subject",这是很重要的一项 Subject Public Key Info: Public Key Algorithm: rsaEncryption # 使用的公钥算法 Public-Key: (1024 bit) # 公钥的长度 Modulus:00:c6:f1:f5:b7:ec:0b:41:93:9f:b0:e2:8d:f1:85: b3:9e:85:6f:c6:ad:5f:d0:01:44:31:3f:c2:61:3b: e2:35:e3:75:f6:c7:e1:93:a0:4d:ed:0e:ae:5b:b9: a4:0e:23:a9:70:e0:48:bc:e5:42:f8:c3:e9:0b:32:85:3a:32:be:dc:90:6e:01:92:7d:74:95:38:f7:20: 7c:0a:21:0c:da:3d:b7:af:a6:9e:fb:3f:e6:b1:50:27:5f:ae:23:a8:2c:2c:c6:f0:40:12:62:74:b1:a7:33:5a:4e:bc:5a:36:eb:bd:55:9b:68:de:c0:32:d5: c1:e1:8f:e7:09:88:7c:3c:8b Exponent: 65537 (0x10001) Attributes: a0:00Signature Algorithm: sha1WithRSAEncryption # 为请求文件数字签名时使用的算法 2a:29:88:cd:28:aa:4d:0a:fc:03:35:e0:de:63:29:ce:c7:55: c3:fc:e6:20:01:4e:37:4a:ad:37:69:15:1c:29:e9:ea:20:29: 2f:91:79:14:13:e1:f4:95:83:2d:5d:c0:cb:fe:b8:03:ca:39: 4a:bf:06:ab:b6:06:7f:9e:0a:0a:4b:0b:57:85:de:14:8a:f2: 08:da:13:4d:8e:89:44:de:07:de:f0:a1:a3:32:99:d7:ff:ca: 31:90:92:28:49:31:13:a9:e7:be:d7:57:b3:f0:4d:9f:c9:ad: 43:c2:84:27:2a:95:e3:4e:de:6a:c9:af:15:59:f9:6d:0c:6f: 16:98-----BEGIN CERTIFICATE REQUEST----- MIIBgDCB6gIBADBBMQswCQYDVQQGEwJDTjELMAkGA1UECAwCRkoxCzAJBgNVBAcM AlhNMRgwFgYDVQQDDA93d3cueW91d2FudC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBAMbx9bfsC0GTn7DijfGFs56Fb8atX9ABRDE/wmE74jXjdfbH4ZOg Te0Orlu5pA4jqXDgSLzlQvjD6QsyhToyvtyQbgGSfXSVOPcgfAohDNo9t6+mnvs/5rFQJ1+uI6gsLMbwQBJidLGnM1pOvFo2671Vm2jewDLVweGP5wmIfDyLAgMBAAGg ADANBgkqhkiG9w0BAQUFAAOBgQAqKYjNKKpNCvwDNeDeYynOx1XD/OYgAU43Sq03 aRUcKenqICkvkXkUE+H0lYMtXcDL/rgDyjlKvwartgZ/ngoKSwtXhd4UivII2hNN jolE3gfe8KGjMpnX/8oxkJIoSTETqee+11ez8E2fya1DwoQnKpXjTt5qya8VWflt DG8WmA== -----END CERTIFICATE REQUEST-----
Use "-text" and "-noout" together to output only the file header part of the certificate request.
[root@xuexi tmp]# openssl req -in req1.csr -noout -text Certificate Request: Data: Version: 0 (0x0) Subject: C=CN, ST=FJ, L=XM, CN=www.youwant.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus:00:c6:f1:f5:b7:ec:0b:41:93:9f:b0:e2:8d:f1:85: b3:9e:85:6f:c6:ad:5f:d0:01:44:31:3f:c2:61:3b: e2:35:e3:75:f6:c7:e1:93:a0:4d:ed:0e:ae:5b:b9: a4:0e:23:a9:70:e0:48:bc:e5:42:f8:c3:e9:0b:32:85:3a:32:be:dc:90:6e:01:92:7d:74:95:38:f7:20: 7c:0a:21:0c:da:3d:b7:af:a6:9e:fb:3f:e6:b1:50:27:5f:ae:23:a8:2c:2c:c6:f0:40:12:62:74:b1:a7:33:5a:4e:bc:5a:36:eb:bd:55:9b:68:de:c0:32:d5: c1:e1:8f:e7:09:88:7c:3c:8b Exponent: 65537 (0x10001) Attributes: a0:00Signature Algorithm: sha1WithRSAEncryption # 为请求文件数字签名时使用的算法 2a:29:88:cd:28:aa:4d:0a:fc:03:35:e0:de:63:29:ce:c7:55: c3:fc:e6:20:01:4e:37:4a:ad:37:69:15:1c:29:e9:ea:20:29: 2f:91:79:14:13:e1:f4:95:83:2d:5d:c0:cb:fe:b8:03:ca:39: 4a:bf:06:ab:b6:06:7f:9e:0a:0a:4b:0b:57:85:de:14:8a:f2: 08:da:13:4d:8e:89:44:de:07:de:f0:a1:a3:32:99:d7:ff:ca: 31:90:92:28:49:31:13:a9:e7:be:d7:57:b3:f0:4d:9f:c9:ad: 43:c2:84:27:2a:95:e3:4e:de:6a:c9:af:15:59:f9:6d:0c:6f: 16:98
You can also output only the subject part.
[root@xuexi tmp]# openssl req -in req2.csr -subject -noout subject=/C=CN/ST=FJ/L=XM/CN=www.youwant.com
You can also use "-pubkey" to output the public key content in the certificate request file. If the public key is extracted from the private key provided when applying for a certificate request, the contents of the two public keys are completely consistent.
[root@xuexi tmp]# openssl req -in req1.csr -pubkey -noout-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8fW37AtBk5+w4o3xhbOehW/G rV/QAUQxP8JhO+I143X2x+GToE3tDq5buaQOI6lw4Ei85UL4w+kLMoU6Mr7ckG4B kn10lTj3IHwKIQzaPbevpp77P+axUCdfriOoLCzG8EASYnSxpzNaTrxaNuu9VZto 3sAy1cHhj+cJiHw8iwIDAQAB-----END PUBLIC KEY-----
[root@xuexi tmp]# openssl rsa -in pri_key.pem -pubout writing RSA key-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8fW37AtBk5+w4o3xhbOehW/G rV/QAUQxP8JhO+I143X2x+GToE3tDq5buaQOI6lw4Ei85UL4w+kLMoU6Mr7ckG4B kn10lTj3IHwKIQzaPbevpp77P+axUCdfriOoLCzG8EASYnSxpzNaTrxaNuu9VZto 3sAy1cHhj+cJiHw8iwIDAQAB-----END PUBLIC KEY-----
(3). Specify the signature algorithm in the certificate request file.
Notice that one item in the header of the certificate request file is "Signature Algorithm", which indicates which digital signature algorithm is used. The default is sha1, and md5, sha512, etc. are also supported. For more supported signature algorithms, see the content listed in "openssl dgst --help". For example, the md5 algorithm is specified here.
[root@xuexi tmp]# openssl req -new -key pri_key.pem -out req2.csr -md5 [root@xuexi tmp]# openssl req -in req2.csr -noout -text | grep Algo Public Key Algorithm: rsaEncryption Signature Algorithm: md5WithRSAEncryption
(4). Verify the digital signature of the request file, so as to verify whether the certificate request file has been tampered with. The "-verify" option in the following command means to verify the digital signature of the certificate request file.
[root@xuexi tmp]# openssl req -verify -in req2.csrverify OK-----BEGIN CERTIFICATE REQUEST-----MIIBgDCB6gIBADBBMQswCQYDVQQGEwJDTjELMAkGA1UECAwCRkoxCzAJBgNVBAcM AlhNMRgwFgYDVQQDDA93d3cueW91d2FudC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBAMbx9bfsC0GTn7DijfGFs56Fb8atX9ABRDE/wmE74jXjdfbH4ZOg Te0Orlu5pA4jqXDgSLzlQvjD6QsyhToyvtyQbgGSfXSVOPcgfAohDNo9t6+mnvs/5rFQJ1+uI6gsLMbwQBJidLGnM1pOvFo2671Vm2jewDLVweGP5wmIfDyLAgMBAAGg ADANBgkqhkiG9w0BAQQFAAOBgQCcvWuwmeAowbqLEsSpBVGnRfDEeH897v1r/SaX 9yYhpc3Kp5HKQ3LpSZBYGxlIsE6I3DMT5d1wcPeKRi8B6BIfemYOEbhLVGLmhNAg iHyV/s1/TaOc31QZMY1HvD5BTOlhed+MpevWAFX2CRXuhKYBOimCrGNJxrFj4srJ M1zDOA== -----END CERTIFICATE REQUEST-----
The "verify OK" in the first line of the result indicates that the certificate request file is complete and has not been tampered with, but the certificate request is also output. Content. If you don't want to output this part of the content, use the "-noout" option.
[root@xuexi tmp]# openssl req -verify -in req2.csr -noout verify OK
(5).自签署证书,可用于自建根CA时。
使用openssl req自签署证书时,需要使用"-x509"选项,由于是签署证书请求文件,所以可以指定"-days"指定所颁发的证书有效期。
[root@xuexi tmp]# openssl req -x509 -key pri_key.pem -in req1.csr -out CA1.crt -days 365
由于openssl req命令的主要功能是创建和管理证书请求文件,所以没有提供对证书文件的管理能力,暂时也就只能通过cat来查看证书文件CA1.crt了。
[root@xuexi tmp]# cat CA1.crt-----BEGIN CERTIFICATE-----MIICUDCCAbmgAwIBAgIJAIrxQ+zicLzIMA0GCSqGSIb3DQEBBQUAMEExCzAJBgNV BAYTAkNOMQswCQYDVQQIDAJGSjELMAkGA1UEBwwCWE0xGDAWBgNVBAMMD3d3dy55 b3V3YW50LmNvbTAeFw0xNzA2MjcwNzU0NTJaFw0xODA2MjcwNzU0NTJaMEExCzAJ BgNVBAYTAkNOMQswCQYDVQQIDAJGSjELMAkGA1UEBwwCWE0xGDAWBgNVBAMMD3d3 dy55b3V3YW50LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxvH1t+wL QZOfsOKN8YWznoVvxq1f0AFEMT/CYTviNeN19sfhk6BN7Q6uW7mkDiOpcOBIvOVC+MPpCzKFOjK+3JBuAZJ9dJU49yB8CiEM2j23r6ae+z/msVAnX64jqCwsxvBAEmJ0 saczWk68WjbrvVWbaN7AMtXB4Y/nCYh8PIsCAwEAAaNQME4wHQYDVR0OBBYEFMLa Dm9yZeRh3Bu+zmpU2iKbQBQgMB8GA1UdIwQYMBaAFMLaDm9yZeRh3Bu+zmpU2iKb QBQgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAd2CJPe987RO34ySA 7EC0zQkhDz9d2vvvPWYjq0XA/frntlKKhgFwypWPBwwFTBwfvLHMnNpKy0zXXAkB 1ttgzMgka/qv/gcKoLN3dwM7Hz+eCl/cXVJmVG7PqAjfqSr6IyM7v/B6dC0Xv49m h5mv24HqKtJoEeI0iARaNmOxKeE= -----END CERTIFICATE-----
实际上,"-x509"选项和"-new"或"-newkey"配合使用时,可以不指定证书请求文件,它在自签署过程中将在内存中自动创建证书请求文件,当然,既然要创建证书请求文件,就需要人为输入申请者的信息了。例如:
[root@xuexi tmp]# openssl req -new -x509 -key pri_key.pem -out CA1.crt -days 365
其实,使用"-x509"选项后,"-new"或"-newkey"将表示创建一个证书文件而不是一个证书请求文件。
(6).让openssl req自动创建所需的私钥文件。
在前面的所有例子中,在需要私钥的时候都明确使用了"-key"选项提供私钥。其实如果不提供,openssl req会在任何需要私钥的地方自动创建私钥,并保存在特定的位置,默认的保存位置为当前目录,文件名为privkey.pem,具体保存的位置和文件名由配置文件(默认为/etc/pki/tls/openssl.cnf)决定,此处不讨论该文件。当然,openssl req命令的"-keyout"选项可以指定私钥保存位置。
例如:
[root@xuexi tmp]# openssl req -new -out req3.csrGenerating a 2048 bit RSA private key # 自动创建私钥 ..................+++ .....................................+++ writing new private key to 'privkey.pem' Enter PEM pass phrase: # 要求输入加密私钥文件的密码,且要求长度为4-1024个字符 Verifying - Enter PEM pass phrase:-----You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:^C
但是,openssl req在自动创建私钥时,将总是加密该私钥文件,并提示输入加密的密码。可以使用"-nodes"选项禁止加密私钥文件。
[root@xuexi tmp]# openssl req -new -out req3.csr -nodes Generating a 2048 bit RSA private key .............+++.............................................................................+++writing new private key to 'privkey.pem'-----You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:^C
指定自动创建私钥时,私钥文件的保存位置和文件名。使用"-keyout"选项。
[root@xuexi tmp]# openssl req -new -out req3.csr -nodes -keyout myprivkey.pem Generating a 2048 bit RSA private key ......................+++............................................................+++writing new private key to 'myprivkey.pem'-----You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:^C
(7).使用"-newkey"选项。
"-newkey"选项和"-new"选项类似,只不过"-newkey"选项可以直接指定私钥的算法和长度,所以它主要用在openssl req自动创建私钥时。
它的使用格式为"-newkey arg",其中arg的格式为"rsa:numbits",rsa表示创建rsa私钥,numbits表示私钥的长度,如果不给定长度(即"-newkey rsa")则默认从配置文件中读取长度值。其实不止支持rsa私钥,只不过现在基本都是用rsa私钥,所以默认就使用rsa。
[root@xuexi tmp]# openssl req -newkey rsa:2048 -out req3.csr -nodes -keyout myprivkey.pem Generating a 2048 bit RSA private key ....+++.......................................................+++writing new private key to 'myprivkey.pem'-----You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:^C
通过上面一系类的举例说明后,想必openssl req的各基本选项的用法都通了。从上面的示例中也发现了,openssl req经常会依赖于配置文件(默认为/etc/pki/tls/openssl.cnf)中的值。所以,先将openssl req的命令用法总结下,再简单说明下配置文件中和req有关的内容。
openssl req [-extensions section] [-reqexts section] [-utf8] [-nameopt] [-reqopt] ---newkey args:类似于选项,创建一个新的证书请求,并创建私钥。args的格式是------[dgst] :指定对创建请求时提供的申请者信息进行数字签名时的单向加密算法,如-md5/-sha1/----days n :指定自签名证书的有效期限,默认30天,需要和----subj args :替换或自定义证书请求时需要输入的信息,并输出修改后的请求信息。args的格式为,则表示该项留空。其中可识别type(-------config filename :指定req的配置文件,指定后将忽略所有的其他配置文件。如果不指定则默认使用/etc/pki/tls/-batch :非交互模式,直接从配置文件(默认/etc/pki/tls/openssl.cnf)中读取证书请求所需字段信息。但若不指定-verbose :显示操作执行的详细信息
以下则是配置文件中(默认/etc/pki/tls/openssl.cnf)关于req段落的配置格式。
input_password :密码输入文件,和命令行的"-passin"选项对应,密码格式以及意义见"openssl密码格式"output_password:密码的输出文件,与命令行的"-passout"选项对应,密码格式以及意义见"openssl密码格式"default_bits :openssl req自动生成RSA私钥时的长度,不写时默认是512,命令行的"-new"和"-newkey"可能会用到它 default_keyfile:默认的私钥输出文件,与命令行的"-keyout"选项对应 encrypt_key :当设置为no时,自动创建私钥时不会加密该私钥。设置为no时与命令行的"-nodes"等价。还有等价的兼容性写法:encry_rsa_key default_md :指定创建证书请求时对申请者信息进行数字签名的单向加密算法,与命令行的"-[dgst]"对应 prompt :当指定为no时,则不提示输入证书请求的字段信息,而是直接从openssl.cnf中读取 :请小心设置该选项,很可能请求文件创建失败就是因为该选项设置为no distinguished_name:(DN)是一个扩展属性段落,用于指定证书请求时可被识别的字段名称。
以下是默认的配置文件格式及值。关于配置文件的详细分析见"配置文件"部分。
[ req ] default_bits = 2048default_md = sha1 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = XX countryName_min = 2countryName_max = 2stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) localityName_default = Default City0.organizationName = Organization Name (eg, company)0.organizationName_default = Default Company Ltd organizationalUnitName = Organizational Unit Name (eg, section) commonName = Common Name (eg, your name or your server\'s hostname)commonName_max = 64emailAddress = Email Address emailAddress_max = 64
The above is the detailed content of Detailed introduction of pseudo command req function. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
