SSL/TLS with Websockets Server - go lang

Question


I am using collider (https://github.com/webrtc/apprtc/tree/master/src/collider - a websockets server in Go) and I am trying to add SSL/TLS support. For which I generated self-signed certificates:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testwebsite.com
Organizational Unit Name (eg, section) []:Engineering
Common Name (e.g. server FQDN or YOUR name) []:www.testwebsite.com
Email Address []:testwebsite@gmail.com

When I run the collider, I see this error:

2017/06/05 21:25:50 Error Run: crypto/tls: failed to parse private key

When I generate using (based on http://www.kaihag.com/https-and-go/):

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem

I get this error:

2017/06/05 22:11:31 http: TLS handshake error from <some-ip>:1082: remote error: unknown certificate

How to fix this?

Note: collider uses golang.org/x/net/websocket

Answer 1

Score: 1


I ended up obtaining the certs from: https://certbot.eff.org/#ubuntuxenial-other

certbot certonly --standalone -d example.com -d www.example.com

I had to use fullchain.pem instead of cert.pem for this collider to work:

https://github.com/webrtc/apprtc/issues/442
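
A pre-flight check for the two files discussed in this thread, as an added example that is not part of the original question, answer, or the collider code base: it counts the certificates in the cert file (one for a leaf-only cert.pem, more for a fullchain.pem), flags a passphrase-protected key (what the first openssl command produces, since it omits -nodes, and which crypto/tls cannot parse), and runs the same tls.X509KeyPair load a Go TLS server performs. The names Inspect and Sample are hypothetical, and the certificate and keys are constructed in the code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Inspect returns the number of CERTIFICATE blocks in certPEM, whether keyPEM is
// passphrase-protected, and the error from the load a Go TLS server performs.
func Inspect(certPEM, keyPEM []byte) (chainLen int, encrypted bool, loadErr error) {
	for b, rest := pem.Decode(certPEM); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" {
			chainLen++
		}
	}
	if kb, _ := pem.Decode(keyPEM); kb != nil {
		// PKCS#8 uses this block type; legacy PEM keys carry a Proc-Type header.
		encrypted = kb.Type == "ENCRYPTED PRIVATE KEY" ||
			strings.Contains(kb.Headers["Proc-Type"], "ENCRYPTED")
	}
	_, loadErr = tls.X509KeyPair(certPEM, keyPEM)
	return
}

// Sample returns a constructed self-signed certificate and its unencrypted key.
// Errors are ignored here because the inputs are fixed and valid.
func Sample() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	cert, key := Sample()
	// Constructed stand-in for a passphrase-protected key: real label, opaque body.
	locked := pem.EncodeToMemory(&pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: []byte("x")})
	fmt.Println(Inspect(cert, key))
	fmt.Println(Inspect(cert, locked))
}
```

A chain length of 1 on the file passed as the server certificate means clients receive only the leaf and must already hold every intermediate to build a path.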

huangapple
  • Posted on June 7, 2017, 07:45:21
  • When reposting, please keep the link to this article: https://go.coder-hub.com/44401356.html