The private key is generated with OpenSSL (RSA):
$ openssl genrsa -out privatekey.key 1024
Refer to https://blog.youkuaiyun.com/hushui/article/details/79424667
## Generate the certificate files (bound to the DNS name) from the private key
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ openssl req -new -key ../apache-web-ssl-crt/privatekey.key -out localhost.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:localhost    <-- important
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ openssl x509 -days 3650 -req -in localhost.csr -signkey ../apache-web-ssl-crt/privatekey.key -out localhost.crt
Signature ok
subject=/C=CN/ST=Shanghai/L=Default City/O=Default Company Ltd/CN=localhost
Getting Private key
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ cat Caddyfile
localhost
#DESKTOP-P55Q2H7.mshome.net
{
log /tmp/caddylog.txt
##tls self_signed
tls ./localhost.crt /home/lake/apache-web-ssl-crt/privatekey.key
}
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ ./caddy
Activating privacy features... done.
Serving HTTPS on port 2015
https://localhost:2015
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with `ulimit -n 8192`.
[lake@DESKTOP-P55Q2H7 ~]$ curl --cacert ./caddy_v1.0.0_linux_amd64/localhost.crt https://localhost:2015
hello world
[lake@DESKTOP-P55Q2H7 ~]$ wget https://localhost:2015 --no-check-certificate
--2020-06-17 15:46:00-- https://localhost:2015/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:2015... connected.
WARNING: cannot verify localhost's certificate, issued by ‘/C=CN/ST=Shanghai/L=Default City/O=Default Company Ltd/CN=localhost’:
Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/html]
Saving to: ‘index.html.3’
100%[======================================>] 12 --.-K/s in 0s
2020-06-17 15:46:00 (1.85 MB/s) - ‘index.html.3’ saved [12/12]
[lake@DESKTOP-P55Q2H7 ~]$ cat index.html.3
hello world
[lake@DESKTOP-P55Q2H7 ~]$ cat /tmp/caddylog.txt
::1 - - [17/Jun/2020:15:48:42 +0800] "GET / HTTP/1.1" 200 12
::1 - - [17/Jun/2020:15:48:45 +0800] "GET / HTTP/1.1" 200 12
[lake@DESKTOP-P55Q2H7 ~]$
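
A pre-flight check for the certificate and key that the Caddyfile `tls` line points at, as an added example that is not part of the original post. It confirms that the key belongs to the certificate, that the certificate names the host (the Common Name entered above), that it has not expired, and it reports the RSA key size. The function names and the script name are hypothetical, and the 2048-bit minimum is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Pre-flight checks for the cert/key pair named on the Caddyfile `tls` line.

# True when the certificate's RSA public key belongs to the private key.
pair_matches() (   # usage: pair_matches CERT KEY
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$c" = "$k" ]
)

# True when the certificate is valid for HOST (SAN entries, else Common Name).
host_matches() {   # usage: host_matches CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Prints the RSA modulus size in bits, e.g. 2048.
key_bits() {       # usage: key_bits KEY
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Runs every check, prints one line per finding, returns 1 if any failed.
check_tls_pair() ( # usage: check_tls_pair CERT KEY HOST
    rc=0
    if pair_matches "$1" "$2"; then echo "OK   key belongs to certificate"
    else echo "FAIL key does not belong to certificate"; rc=1; fi
    if host_matches "$1" "$3"; then echo "OK   certificate names $3"
    else echo "FAIL certificate does not name $3"; rc=1; fi
    if openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
    then echo "OK   certificate has not expired"
    else echo "FAIL certificate has expired"; rc=1; fi
    bits=$(key_bits "$2")
    # 2048 bits is this example's assumed minimum for RSA.
    if [ "${bits:-0}" -ge 2048 ]; then echo "OK   RSA key is $bits bits"
    else echo "FAIL RSA key is ${bits:-unknown} bits (minimum 2048)"; rc=1; fi
    return "$rc"
)

# Stand-alone use: sh check_tls.sh CERT KEY HOST
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

Saved as `check_tls.sh` (a hypothetical name), it is run as `sh check_tls.sh ./localhost.crt /home/lake/apache-web-ssl-crt/privatekey.key localhost`. With the 1024-bit key generated at the top of this page, the key-size line reports FAIL while the other three checks pass.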