Mkcert: isixhobo sokwenza izatifikethi ze-SSL zophuhliso lwasekhaya

Darkcrizt

Imizuzu ye4

Ukwenza i-SSL-HTTPS isebenze

Kule mihla ukusetyenziswa kwezatifikethi ze-SSL kwiiwebhusayithi kubaluleke kakhulu, inikwe ukuba ezi zibonelela umsebenzisi ngenqanaba lokhuseleko kunye nokuzithemba malunga nesiza esizisebenzisayo, ukongeza kwinto yokuba kwiintsuku ezimbalwa, iChannel sele iphawule kwaye yalumkisa abasebenzisi malunga neziza ezingazisebenzisiyo.

En Kweli nqaku, siza kuthatha ithuba lokwazi isixhobo esikwaziyo ukufaka izatifikethi ze-SSL kwalapha ekhaya kwinkqubo yethu.

IMkcert sisixhobo esilula esinokusetyenziselwa ukwenza izatifikethi ezithembakeleyo apha ekhaya. Ayifuni kuqwalaselwa. Kuhlala kuyingozi okanye kungenakwenzeka ukusebenzisa izatifikethi zesitifiketi sokwenene sendawo okanye i-127.0.0.1. Nokuba ukusetyenziswa kwezatifikethi ezisayiniweyo akukacetyiswa njengoko kubangela iimpazamo zokuthembana.

mkcert isinika esona sisombululo sisiso ngokulawula i-CA yakho. Oku kuyakwenza ngokuzenzekelayo kwaye kufaka i-CA yendawo kwingcambu yenkqubo kwaye ivelise izatifikethi ezithembakeleyo apha ekhaya.

Kwimeko yezatifikethi ze-SSL zamaphepha ewebhu, unokujonga kwezinye iindlela zasimahla, ezinje nge-openSSL.

Izidingo

  • Inkqubo emiselweyo nge-Go 1.10+ kunye namalungelo engcambu.
  • Isixhobo sedathabheyisi yeSatifikethi (Certutil)

Yiya kufakelo

Iya kulwimi lwenkqubo ejolise kwinjongo ngokubanzi esinokuthi sakhe ngayo iintlobo ngeentlobo zezicelo. Yiya kunye nezixhobo zayo zezixhobo ziyafumaneka kwindawo yethu yokugcina emiselweyo. Singafaka i-GO ku-Ubuntu 18.04 ngokusebenzisa lo myalelo.

apt install golang

Y sinokujonga ufakelo nge:

go version

Ngoku sinokwenza ifayile kule ndlela ilandelayo "/Etc/profile.d/goenv.sh" yemeko yendalo iphela ngolu hlobo lulandelayo:

nano /etc/profile.d/goenv.sh

Kwaye ngaphakathi kufuneka sibeke:

export GOROOT=/usr/lib/go

export GOPATH=$HOME/go

export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Ngoku sichwetheza:

source /etc/profile.d/goenv.sh

Ukufakwa kweapache

Inyathelo elilandelayo kukufaka iserver yethu yewebhu kunye nokwenza i-SSL isebenze ukusebenzisa ezi zatifikethi zentembeko yophuhliso ekuhlaleni. Singafaka iapache sisebenzisa lo myalelo ulandelayo.

apt install apache2

systemctl enable apache2

ssystemctl start apache2

Ukufakwa kwesitifiketi

Isixhobo seVenkile yeDatha yeCututil sisixhobo somyalelo esilula esinokwenza kunye nokuguqula izatifikethi kunye noovimba beenkcukacha.

Ingasetyenziselwa ngokukodwa ukudwelisa, ukuvelisa, ukulungisa okanye ukucima izatifikethi. Ingasetyenziselwa ukwenza okanye ukutshintsha iphasiwedi, ukuvelisa izibini eziphambili zikarhulumente nezangasese.

Ukuyifaka, chwetheza nje lo myalelo ulandelayo:

apt install libnss3-tools

Ukufaka iMkcert

mkcert

Ukufaka esi sixhobo khuphela nje ikhowudi kwiGitHub, oku kufuneka sichwetheze kuphela:

wget https://github.com/FiloSottile/mkcert/archive/v1.0.0.tar.gz

tar -xvzf v1.0.0.tar.gz

cd mkcert-1.0.0/

Y sidibanisa isixhobo kunye:

yenza [/ ikhowudi yemvelaphi]

Ngoku Singayikopa le mkcert kanambambili kwifolda yokufaka ye / usr / bin / ifolda oza kuyisebenzisa kwinqanaba lomncedisi.

cd mkcert-1.0.0/bin/

cp mkcert /usr/bin/

Okokugqibela, sinokuvelisa isatifikethi sethu sendawo ngalo myalelo:

mkcert -install

Oku kuyenziwa kwaye kugcinwa endleleni /root/.local/share/mkcert

por ngesiqhelo isatifikethi se-CA kunye nesitshixo sayo sigcinwa kwifolda yedatha yesicelo kwifolda "yasekhaya" yomsebenzisi.

Indawo inokufumaneka ngokusebenzisa i-mkcert -CAROOT command.

mkcert -CAROOT

/root/.local/share/mkcert

Ngoku Singasisebenzisa esi sixhobo ukwenza izatifikethi zentembeko yophuhliso lwasekhaya njengoko kufuneka:

mkcert example.com '*.example.org' myapp.dev localhost 127.0.0.1 ::1

Njengoko kuchaziwe kulo myalelo, Izatifikethi ezithenjiweyo zalapha ekhaya zigcinwa kwindlela apho usebenze khona lo myalelo.

Kuyenzeka ukuba ususe ezi ziqinisekiso, umzekelo:

cp /root/example.com+5.pem /etc/ssl/certs /

cp /root/example.com+5-key.pem /etc/ssl/private /

Ngoku Kuya kufuneka uguqule ifayile ye-SSL emiselweyo /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile /etc/ssl/certs/example.com+5.pem

SSLCertificateKeyFile /etc/ssl/private/example.com+5-key.pem

Ngoku unokwenza imodyuli ye-SSL kwaye uqalise kwakhona inkonzo ye-Apache 2 ukwenza olu tshintsho lusebenze.

a2enmod ssl

a2ensite default-ssl.conf

systemctl reload apache2

systemctl restart apache2

Nje ukuba kwenziwe oku, sinokwenza uvavanyo lokukhangela kunye nesiqinisekiso se-SSL sendawo. Chwetheza nje https://localhost Kwaye banokubona ukuba isikhangeli siyayiqonda.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   UJose Pedro sitsho
    yenzayo 6 iminyaka

    Kuncinci okucacisiweyo, awunakucinga ukuba bekufuneka ndihlanganise ntoni ukuze ndikwazi ukuyifaka kunye neemfuno zokuqala.
    Kwakungekho ndlela yomntu yokufaka ii-apacheds ukumisela ezinye.

    Phendula ujose pedro
  2.   imikel sitsho
    yenzayo 3 iminyaka

    Xa uchwetheza: yenza [/ ikhowudi yemvelaphi]

    Ingaba uthetha ngantoni??? ukufaka i / sourcecode?

    Uxolo ngokwenzela ingxaki.

    Imibuliso.

    Phendula kwimikel
  3.   UJulian Lasso sitsho
    yenzayo 3 iminyaka

    Kwi-Ubuntu 20.04 isebenza kuphela kwiFirefox kodwa hayi kwizikhangeli ezisekwe kwi-chromium: '(

    Phendula uJulian Lasso