Mkcert: chida chokhazikitsa ziphaso za SSL zachitukuko chamderalo

Mdima wamdima | | mapulogalamu

4 Comments

yothandiza-SSL-HTTPS

Masiku ano kugwiritsa ntchito ziphaso za SSL pamawebusayiti ndikofunikira kwambiri, popeza izi zimapatsa wogwiritsa ntchito chitetezo komanso chidaliro patsamba lomwe amawagwiritsa ntchito, kuphatikiza kuti kwa masiku angapo, Chrome idalemba kale ndikuchenjeza ogwiritsa ntchito masamba omwe sawagwiritsa ntchito.

En Munkhaniyi, titenga mwayi wodziwa chida chothandizira kukhazikitsa ziphaso za SSL kwanuko pa makina athu.

Mkcert ndi chida chosavuta chomwe chingagwiritsidwe ntchito kupanga satifiketi yodalirika kwanuko. Sichifuna kusintha kulikonse. Nthawi zonse zimakhala zowopsa kapena zosatheka kugwiritsa ntchito ziphaso zenizeni za satifiketi ya localhost kapena 127.0.0.1. Ngakhale kugwiritsa ntchito ziphaso zosainidwa sikunalimbikitsidwe chifukwa zimayambitsa zolakwika.

mkcert amatipatsa yankho labwino kwambiri pakuwongolera CA yanu yomwe. Izi zitha kupanga ndikukhazikitsa CA yakomweko muzu wa dongosolo ndikupanga zikalata zodalirika kwanuko.

Pankhani ya ziphaso za SSL zamasamba, mutha kufunsa njira zina zaulere, monga openSSL.

Zofunikira

  • Dongosolo lokonzedwa ndi Go 1.10+ ndi mwayi wamizu.
  • Chida Chosungira Sitifiketi (Certutil)

Pitani kukhazikitsa

Pitani ndi chilankhulo chogwiritsa ntchito yomwe tingagwiritse ntchito mapulogalamu osiyanasiyana. Pitani ndi zida zake zida zimapezeka posungira posungira. Titha kukhazikitsa GO pa Ubuntu 18.04 pongogwiritsa ntchito lamuloli.

apt install golang

Y titha kuwona kukhazikitsa ndi:

go version

Tsopano titha kupanga fayilo m'njira yotsatirayi "/Etc/profile.d/goenv.sh" yamtundu wonse wosinthika motere:

nano /etc/profile.d/goenv.sh

Ndipo mkati tiyenera kuyika:

export GOROOT=/usr/lib/go

export GOPATH=$HOME/go

export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Tsopano tikulemba:

source /etc/profile.d/goenv.sh

Kukonzekera kwa Apache

Chotsatira ndikukhazikitsa seva yathu ndikuthandizira SSL kugwiritsa ntchito ziphaso zakukhulupirirana kumeneku. Titha kukhazikitsa apache pogwiritsa ntchito lamulo lotsatirali.

apt install apache2

systemctl enable apache2

ssystemctl start apache2

Kukhazikitsa kwa Certutil

Certutil Database Tool ndi njira yosavuta yolamula yomwe ingapangitse ndikusintha ziphaso ndi nkhokwe zawo.

Itha kugwiritsidwa ntchito makamaka kulemba, kupanga, kusintha kapena kuchotsa ziphaso. Ikhoza kugwiritsidwanso ntchito kupanga kapena kusintha mawu achinsinsi, kupanga magulu awiri apadera ndi apadera.

Kuti muyike, ingolembani lamulo lotsatirali:

apt install libnss3-tools

Kuyika Mkcert

mkcert

Kuyika chida ichi ingotsitsani nambala kuchokera ku GitHub, chifukwa cha izi tiyenera kungolemba:

wget https://github.com/FiloSottile/mkcert/archive/v1.0.0.tar.gz

tar -xvzf v1.0.0.tar.gz

cd mkcert-1.0.0/

Y timapanga chida ndi:

pangani [/ sourcecode]

Tsopano titha kutengera bayinare ya mkcert kuchokera kufoda yoyika ya / usr / bin / foda yomwe mungagwiritse ntchito pamlingo wa seva.

cd mkcert-1.0.0/bin/

cp mkcert /usr/bin/

Pomaliza, titha kupanga setifiketi yathu ndi lamulo ili:

mkcert -install

Izi zimapangidwa ndikusungidwa panjira /root/.local/share/mkcert

Por Nthawi zambiri satifiketi ya CA ndi makiyi ake amasungidwa mu chikwatu cha data mufoda ya "kunyumba" ya wogwiritsa ntchito.

Malowa amathanso kupezeka pogwiritsa ntchito mkcert -CAROOT command.

mkcert -CAROOT

/root/.local/share/mkcert

Tsopano Titha kugwiritsa ntchito chida ichi kupanga ziphaso zakukhulupilira kwachitukuko kwanuko pakufunika:

mkcert example.com '*.example.org' myapp.dev localhost 127.0.0.1 ::1

Monga tafotokozera mu lamuloli, Zikalata zodalirika zakomweko zimasungidwa panjira pomwe lamuloli likuyendetsedwa.

Ndikotheka kusuntha ziphasozi, mwachitsanzo:

cp /root/example.com+5.pem /etc/ssl/certs /

cp /root/example.com+5-key.pem /etc/ssl/private /

Tsopano muyenera kusintha fayilo ya SSL yomwe ili pa /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile /etc/ssl/certs/example.com+5.pem

SSLCertificateKeyFile /etc/ssl/private/example.com+5-key.pem

Tsopano mutha kuloleza gawo la SSL ndikuyambiranso ntchito ya Apache 2 kuti izi zisinthe.

a2enmod ssl

a2ensite default-ssl.conf

systemctl reload apache2

systemctl restart apache2

Izi zikachitika, titha kuyesa mayeso ndi chiphaso cha SSL chakomweko. Ingolembani https://localhost ndipo athe kuwona kuti msakatuli amazindikira.


Zomwe zili m'nkhaniyi zikutsatira mfundo zathu za malamulo okonzekera. Kuti mufotokoze cholakwika dinani Apa.

Ndemanga za 4, siyani anu

Siyani ndemanga yanu

Anu email sati lofalitsidwa. Amafuna minda amalembedwa ndi *

*

*

  1. Wotsogolera pazosankhazi: Miguel Ángel Gatón
  2. Cholinga cha deta: Control SPAM, kasamalidwe ka ndemanga.
  3. Kukhazikitsa: Kuvomereza kwanu
  4. Kulumikizana kwa zomwe zafotokozedwazo: Zomwezo siziziwululidwa kwa anthu ena kupatula pakukakamizidwa mwalamulo.
  5. Zosunga: Zosungidwa ndi Occentus Networks (EU)
  6. Ufulu: Nthawi iliyonse mutha kuchepetsa, kuchira ndikuchotsa zidziwitso zanu.

  1.   Jose Pedro anati
    amapanga zaka 5

    Pang'ono pofotokozedwa, simungaganize zomwe ndimayenera kusonkhanitsa kuti ndikhoze kuziyika ndizofunikira.
    Panalibe njira yaumunthu yoyikira ma apache kuti akonze zina zonse.

    Yankhani jose pedro
  2.   mikel anati
    amapanga zaka 3

    Mukamalemba: pangani [/ sourcecode]

    Mukulankhula za chiyani??? choyika mu / sourcecode?

    Pepa pokusokoneza.

    Anayankha

    Yankhani ku mikel
    1.    pablinux anati
      amapanga zaka 3

      Wawa Mikel. Ayi. Ndiko kulephera. Ndi "kupanga" chabe, kopanda mawu.

      Zikomo.

      Yankhani ku Pablinux
  3.   Julian Laso anati
    amapanga zaka 3

    Mu Ubuntu 20.04 imagwira ntchito pa Firefox koma osati asakatuli ofotokoza chromium: '(

    Yankhani kwa Julian Lasso