Kule mihla ukusetyenziswa kwezatifikethi ze-SSL kwiiwebhusayithi kubaluleke kakhulu, inikwe ukuba ezi zibonelela umsebenzisi ngenqanaba lokhuseleko kunye nokuzithemba malunga nesiza esizisebenzisayo, ukongeza kwinto yokuba kwiintsuku ezimbalwa, iChannel sele iphawule kwaye yalumkisa abasebenzisi malunga neziza ezingazisebenzisiyo.
En Kweli nqaku, siza kuthatha ithuba lokwazi isixhobo esikwaziyo ukufaka izatifikethi ze-SSL kwalapha ekhaya kwinkqubo yethu.
IMkcert sisixhobo esilula esinokusetyenziselwa ukwenza izatifikethi ezithembakeleyo apha ekhaya. Ayifuni kuqwalaselwa. Kuhlala kuyingozi okanye kungenakwenzeka ukusebenzisa izatifikethi zesitifiketi sokwenene sendawo okanye i-127.0.0.1. Nokuba ukusetyenziswa kwezatifikethi ezisayiniweyo akukacetyiswa njengoko kubangela iimpazamo zokuthembana.
mkcert isinika esona sisombululo sisiso ngokulawula i-CA yakho. Oku kuyakwenza ngokuzenzekelayo kwaye kufaka i-CA yendawo kwingcambu yenkqubo kwaye ivelise izatifikethi ezithembakeleyo apha ekhaya.
Kwimeko yezatifikethi ze-SSL zamaphepha ewebhu, unokujonga kwezinye iindlela zasimahla, ezinje nge-openSSL.
Izidingo
- Inkqubo emiselweyo nge-Go 1.10+ kunye namalungelo engcambu.
- Isixhobo sedathabheyisi yeSatifikethi (Certutil)
Yiya kufakelo
Iya kulwimi lwenkqubo ejolise kwinjongo ngokubanzi esinokuthi sakhe ngayo iintlobo ngeentlobo zezicelo. Yiya kunye nezixhobo zayo zezixhobo ziyafumaneka kwindawo yethu yokugcina emiselweyo. Singafaka i-GO ku-Ubuntu 18.04 ngokusebenzisa lo myalelo.
apt install golang
Y sinokujonga ufakelo nge:
go version
Ngoku sinokwenza ifayile kule ndlela ilandelayo "/Etc/profile.d/goenv.sh" yemeko yendalo iphela ngolu hlobo lulandelayo:
nano /etc/profile.d/goenv.sh
Kwaye ngaphakathi kufuneka sibeke:
export GOROOT=/usr/lib/go export GOPATH=$HOME/go export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
Ngoku sichwetheza:
source /etc/profile.d/goenv.sh
Ukufakwa kweapache
Inyathelo elilandelayo kukufaka iserver yethu yewebhu kunye nokwenza i-SSL isebenze ukusebenzisa ezi zatifikethi zentembeko yophuhliso ekuhlaleni. Singafaka iapache sisebenzisa lo myalelo ulandelayo.
apt install apache2 systemctl enable apache2 ssystemctl start apache2
Ukufakwa kwesitifiketi
Isixhobo seVenkile yeDatha yeCututil sisixhobo somyalelo esilula esinokwenza kunye nokuguqula izatifikethi kunye noovimba beenkcukacha.
Ingasetyenziselwa ngokukodwa ukudwelisa, ukuvelisa, ukulungisa okanye ukucima izatifikethi. Ingasetyenziselwa ukwenza okanye ukutshintsha iphasiwedi, ukuvelisa izibini eziphambili zikarhulumente nezangasese.
Ukuyifaka, chwetheza nje lo myalelo ulandelayo:
apt install libnss3-tools
Ukufaka iMkcert
Ukufaka esi sixhobo khuphela nje ikhowudi kwiGitHub, oku kufuneka sichwetheze kuphela:
wget https://github.com/FiloSottile/mkcert/archive/v1.0.0.tar.gz tar -xvzf v1.0.0.tar.gz cd mkcert-1.0.0/
Y sidibanisa isixhobo kunye:
yenza [/ ikhowudi yemvelaphi]
Ngoku Singayikopa le mkcert kanambambili kwifolda yokufaka ye / usr / bin / ifolda oza kuyisebenzisa kwinqanaba lomncedisi.
cd mkcert-1.0.0/bin/ cp mkcert /usr/bin/
Okokugqibela, sinokuvelisa isatifikethi sethu sendawo ngalo myalelo:
mkcert -install
Oku kuyenziwa kwaye kugcinwa endleleni /root/.local/share/mkcert
por ngesiqhelo isatifikethi se-CA kunye nesitshixo sayo sigcinwa kwifolda yedatha yesicelo kwifolda "yasekhaya" yomsebenzisi.
Indawo inokufumaneka ngokusebenzisa i-mkcert -CAROOT command.
mkcert -CAROOT /root/.local/share/mkcert
Ngoku Singasisebenzisa esi sixhobo ukwenza izatifikethi zentembeko yophuhliso lwasekhaya njengoko kufuneka:
mkcert example.com '*.example.org' myapp.dev localhost 127.0.0.1 ::1
Njengoko kuchaziwe kulo myalelo, Izatifikethi ezithenjiweyo zalapha ekhaya zigcinwa kwindlela apho usebenze khona lo myalelo.
Kuyenzeka ukuba ususe ezi ziqinisekiso, umzekelo:
cp /root/example.com+5.pem /etc/ssl/certs / cp /root/example.com+5-key.pem /etc/ssl/private /
Ngoku Kuya kufuneka uguqule ifayile ye-SSL emiselweyo /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/ssl/certs/example.com+5.pem SSLCertificateKeyFile /etc/ssl/private/example.com+5-key.pem
Ngoku unokwenza imodyuli ye-SSL kwaye uqalise kwakhona inkonzo ye-Apache 2 ukwenza olu tshintsho lusebenze.
a2enmod ssl a2ensite default-ssl.conf systemctl reload apache2 systemctl restart apache2
Nje ukuba kwenziwe oku, sinokwenza uvavanyo lokukhangela kunye nesiqinisekiso se-SSL sendawo. Chwetheza nje https://localhost Kwaye banokubona ukuba isikhangeli siyayiqonda.
Kuncinci okucacisiweyo, awunakucinga ukuba bekufuneka ndihlanganise ntoni ukuze ndikwazi ukuyifaka kunye neemfuno zokuqala.
Kwakungekho ndlela yomntu yokufaka ii-apacheds ukumisela ezinye.
Xa uchwetheza: yenza [/ ikhowudi yemvelaphi]
Ingaba uthetha ngantoni??? ukufaka i / sourcecode?
Uxolo ngokwenzela ingxaki.
Imibuliso.
Kwi-Ubuntu 20.04 isebenza kuphela kwiFirefox kodwa hayi kwizikhangeli ezisekwe kwi-chromium: '(