Original article: https://blog.youkuaiyun.com/hushui/article/details/106804661
Windows (network share) ========> 192.168.137.0 ============> CentOS 7 / 192.168.137.170 (Caddy web server), local name: DESKTOP-P55Q2H7.mshome.net
### Centos7/caddy_v1.0.0_linux_amd64
```
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ nslookup
> DESKTOP-P55Q2H7.mshome.net
Server: 192.168.137.1
Address: 192.168.137.1#53

Non-authoritative answer:
Name: DESKTOP-P55Q2H7.mshome.net
Address: 192.168.137.172
>
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ uname -a
Linux DESKTOP-P55Q2H7.mshome.net 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ ifconfig enp4s0
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.137.172 netmask 255.255.255.0 broadcast 192.168.137.255
        inet6 fe80::2d89:26b8:f0c2:e190 prefixlen 64 scopeid 0x20<link>
        ether e0:d5:5e:a4:be:ed txqueuelen 1000 (Ethernet)
        RX packets 4639 bytes 427568 (417.5 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2610 bytes 560371 (547.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ hostname
DESKTOP-P55Q2H7.mshome.net
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ cat index.html
hello world
```
The private key was generated with OpenSSL (RSA):
```
$ openssl genrsa -out privatekey.key 1024
```
See https://blog.youkuaiyun.com/hushui/article/details/79424667
## Generate the certificate files (bound to the DNS name) from the private key
```
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ openssl req -new -key ../apache-web-ssl-crt/privatekey.key -out DESKTOP-P55Q2H7.mshome.net.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:DESKTOP-P55Q2H7.mshome.net    <== important
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ openssl x509 -days 3650 -req -in DESKTOP-P55Q2H7.mshome.net.csr -signkey ../apache-web-ssl-crt/privatekey.key -out DESKTOP-P55Q2H7.mshome.net.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=DESKTOP-P55Q2H7.mshome.net
Getting Private key
```
```
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ cat Caddyfile
DESKTOP-P55Q2H7.mshome.net
{
log /tmp/caddylog.txt
tls ./DESKTOP-P55Q2H7.mshome.net.crt /home/lake/apache-web-ssl-crt/privatekey.key
}
[lake@DESKTOP-P55Q2H7 caddy_v1.0.0_linux_amd64]$ ./caddy
Activating privacy features... done.
Serving HTTPS on port 2015
https://desktop-p55q2h7.mshome.net:2015
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with `ulimit -n 8192`.
```
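The commands above produce a 1024-bit RSA key and a certificate that carries the host name only in the Common Name; the script below audits a certificate for exactly those two properties (key size below 2048 bits, missing or mismatched subjectAltName) and builds a 2048-bit certificate with a SAN for comparison. It is an added example, not part of the original post: `make_cert` and `audit_cert` are hypothetical helper names, and it uses a one-step `openssl req -x509` with a generated config file rather than the post's `req` plus `x509 -signkey` sequence.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. HOST is the post's server name;
# make_cert and audit_cert are hypothetical helper names.
HOST="DESKTOP-P55Q2H7.mshome.net"

# make_cert PREFIX HOST BITS san|nosan: writes PREFIX.key, PREFIX.crt (self-signed)
make_cert() {
  local prefix="$1" host="$2" bits="$3" mode="$4"
  {
    printf '[req]\ndistinguished_name = dn\nprompt = no\n'
    if [ "$mode" = san ]; then printf 'x509_extensions = ext\n'; fi
    printf '[dn]\nCN = %s\n[ext]\nsubjectAltName = DNS:%s\n' "$host" "$host"
  } > "$prefix.cnf"
  openssl req -x509 -newkey "rsa:$bits" -nodes -days 365 -config "$prefix.cnf" \
    -keyout "$prefix.key" -out "$prefix.crt" 2>/dev/null
}

# audit_cert CRT HOST: prints findings; return status = number of problems
audit_cert() {
  local crt="$1" host="$2" problems=0 text bits
  text=$(openssl x509 -in "$crt" -noout -text) || return 99
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  if [ "${bits:-0}" -lt 2048 ]; then
    echo "WEAK KEY: RSA ${bits:-?} bits (< 2048)"; problems=$((problems + 1))
  fi
  # With no SAN, -checkhost falls back to CN, so test for the extension first.
  if ! printf '%s\n' "$text" | grep -q 'Subject Alternative Name'; then
    echo "NO SAN: certificate has no subjectAltName for $host"; problems=$((problems + 1))
  elif ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "SAN MISMATCH: $host is not covered"; problems=$((problems + 1))
  fi
  if [ "$problems" -eq 0 ]; then echo "OK: $crt"; fi
  return "$problems"
}

# Demo on constructed certificates: the post's parameters, then a hardened pair.
demo() {
  local d; d=$(mktemp -d)
  make_cert "$d/post" "$HOST" 1024 nosan; audit_cert "$d/post.crt" "$HOST" || true
  make_cert "$d/fixed" "$HOST" 2048 san; audit_cert "$d/fixed.crt" "$HOST" || true
  rm -rf "$d"
}
demo
```

Run `audit_cert` against the `.crt` file named in the Caddyfile's `tls` line to check the certificate that is actually being served.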
### Windows/192.168.137.1 /Chrome
Open https://desktop-p55q2h7.mshome.net:2015/ in Chrome on Windows (192.168.137.1).
To avoid the "Not secure" warning, import the certificate through chrome://settings into "Trusted Root Certification Authorities" <======= caddy_v1.0.0_linux_amd64\DESKTOP-P55Q2H7.mshome.net.crt
DevTools (F12), Network tab:
```
1 requests
61 B transferred
12 B resources
Finish: 3 ms
DOMContentLoaded: 27 ms
Load: 28 ms

Request URL: https://desktop-p55q2h7.mshome.net:2015/
Request Method: GET
Status Code: 200
Remote Address: 192.168.137.172:2015
Referrer Policy: no-referrer-when-downgrade

accept-ranges: bytes
content-length: 12
content-type: text/html; charset=utf-8
date: Wed, 17 Jun 2020 08:10:19 GMT
etag: "qc26smc"
last-modified: Wed, 17 Jun 2020 07:14:46 GMT
server: Caddy
status: 200

:authority: desktop-p55q2h7.mshome.net:2015
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
```
### Windows/192.168.137.1 /MinGW
```
hushui@Hushui MINGW64 /d/git-yl/Win
$ curl -k https://desktop-p55q2h7.mshome.net:2015
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 12 100 12 0 0 705 0 --:--:-- --:--:-- --:--:-- 705
hello world
```
### Centos7/Linux local test
```
[lake@DESKTOP-P55Q2H7 ~]$ curl --cacert ./caddy_v1.0.0_linux_amd64/DESKTOP-P55Q2H7.mshome.net.crt https://DESKTOP-P55Q2H7.mshome.net:2015
hello world
[lake@DESKTOP-P55Q2H7 ~]$ wget https://DESKTOP-P55Q2H7.mshome.net:2015 --no-check-certificate
--2020-06-17 16:07:01-- https://desktop-p55q2h7.mshome.net:2015/
Resolving desktop-p55q2h7.mshome.net (desktop-p55q2h7.mshome.net)... 192.168.137.172
Connecting to desktop-p55q2h7.mshome.net (desktop-p55q2h7.mshome.net)|192.168.137.172|:2015... connected.
WARNING: cannot verify desktop-p55q2h7.mshome.net's certificate, issued by ‘/C=XX/L=Default City/O=Default Company Ltd/CN=DESKTOP-P55Q2H7.mshome.net’:
Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/html]
Saving to: ‘index.html.6’
100%[======================================>] 12 --.-K/s in 0s
2020-06-17 16:07:01 (1.89 MB/s) - ‘index.html.6’ saved [12/12]
[lake@DESKTOP-P55Q2H7 ~]$ cat index.html.6
hello world
[lake@DESKTOP-P55Q2H7 ~]$ cat /tmp/caddylog.txt
::1 - - [17/Jun/2020:15:48:42 +0800] "GET / HTTP/1.1" 200 12
::1 - - [17/Jun/2020:15:48:45 +0800] "GET / HTTP/1.1" 200 12
192.168.137.1 - - [17/Jun/2020:16:05:59 +0800] "GET / HTTP/2.0" 200 12
192.168.137.172 - - [17/Jun/2020:16:06:48 +0800] "GET / HTTP/1.1" 200 12
192.168.137.172 - - [17/Jun/2020:16:07:01 +0800] "GET / HTTP/1.1" 200 12
[lake@DESKTOP-P55Q2H7 ~]$
```