英文:
SSL/TLS with Websockets Server - go lang
问题
我正在使用 collider(https://github.com/webrtc/apprtc/tree/master/src/collider - 一个使用 Go 语言编写的 WebSocket 服务器)并尝试添加 SSL/TLS 支持。为此,我生成了自签名证书:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
输入 PEM 密码:
验证 - 输入 PEM 密码:
国家名称(2 个字母的代码)[AU]:US
州或省份名称(全名)[Some-State]:CA
地区名称(例如,城市)[]:
组织名称(例如,公司)[Internet Widgits Pty Ltd]:testwebsite.com
组织单位名称(例如,部门)[]:Engineering
通用名称(例如,服务器的完全限定域名或您的姓名)[]:www.testwebsite.com
电子邮件地址[]:testwebsite@gmail.com
当我运行 collider 时,我看到以下错误:
2017/06/05 21:25:50 错误运行:crypto/tls:无法解析私钥
当我使用以下命令生成证书(基于 http://www.kaihag.com/https-and-go/)时,我得到以下错误:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
2017/06/05 22:11:31 http:来自
如何修复这个问题?
注意: collider 使用 golang.org/x/net/websocket。
英文:
I am using collider (https://github.com/webrtc/apprtc/tree/master/src/collider -a websockets server in go) and I am trying to add SSL/TLS support. For which I generated self-signed certificates:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testwebsite.com
Organizational Unit Name (eg, section) []:Engineering
Common Name (e.g. server FQDN or YOUR name) []:www.testwebsite.com
Email Address []:testwebsite@gmail.com
When I run the collider, I see this error:
2017/06/05 21:25:50 Error Run: crypto/tls: failed to parse private key
When I generate using (based on http://www.kaihag.com/https-and-go/):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
I get this error:
2017/06/05 22:11:31 http: TLS handshake error from <some-ip>:1082: remote error: unknown certificate
How to fix this?
Note: collider uses golang.org/x/net/websocket
答案1
得分: 1
我从以下网址获取了证书:https://certbot.eff.org/#ubuntuxenial-other
certbot certonly --standalone -d example.com -d www.example.com
为了使这个碰撞器工作,我不得不使用fullchain.pem而不是cert.pem:
https://github.com/webrtc/apprtc/issues/442
英文:
I ended up obtaining the certs from: https://certbot.eff.org/#ubuntuxenial-other
certbot certonly --standalone -d example.com -d www.example.com
I had to use fullchain.pem instead of cert.pem for this collider to work:
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论