
This document describes how to install a free SSL certificate obtained from www.startssl.com.

It does not cover registering on the StartSSL site or obtaining certificates there.

Step-by-step guide

For your domain (for example, demo-srv.webitel.com) you must obtain the Private Key and Certificate files and download the Class 1 Intermediate Server CA.

  1. Change to the directory /opt/webitel/certs
  2. Copy the Private Key into the file /opt/webitel/certs/wss.key
  3. Copy the Certificate into the file /opt/webitel/certs/wss.crt
  4. Download the Class 1 Intermediate Server CA: wget https://www.startssl.com/certs/sub.class1.server.ca.pem
  5. Create the pfx file for webitel:

    openssl pkcs12 -export -in wss.crt -inkey wss.key -out certificate.pfx -certfile sub.class1.server.ca.pem
  6. Point webitel at certificate.pfx in the configuration file /opt/webitel/srv/Webitel.EventWebSocket.addin:

    Webitel.EventWebSocket.addin
          <section name="config">
            <set type="setup" name="listen-ip" value="Any"/>
            <set type="setup" name="listen-port" value="6871"/>
            <set type="setup" name="max-connect-count" value="100"/>
            <set type="setup" name="max-request-length" value="100000"/>
            <set type="setup" name="json-format-indent" value="true"/>
            <set type="setup" name="security" value="tls"/>
            <set type="setup" name="certificate" value="/opt/webitel/certs/certificate.pfx"/>
            <set type="setup" name="password" value="itsferapass1"/>
          </section>
  7. Restart the webitel service
  8. Check whether the certificate passes verification with the command:

    openssl s_client -showcerts -connect demo-srv.webitel.com:6871

You should get a response similar to this:

openssl s_client -showcerts -connect demo-srv.webitel.com:6871
CONNECTED(00000003)
depth=0 C = UA, CN = demo-srv.webitel.com, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = UA, CN = demo-srv.webitel.com, emailAddress = [email protected]
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = UA, CN = demo-srv.webitel.com, emailAddress = [email protected]
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=UA/CN=demo-srv.webitel.com/[email protected]
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
Server certificate
subject=/C=UA/CN=demo-srv.webitel.com/[email protected]
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 1740 bytes and written 589 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 3819079D8181F4624ABB65F2CD0D6F6842F93AF4670DF63486297010B6C6AB72EC508DF591D23596A976E4C2C4FF98B9
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1411737613
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0
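
The transcript above ends with `Verify return code: 21` and its `Certificate chain` section lists only certificate 0, so the two values worth checking after step 8 are the verify code and how many certificates the server sent. The following is an added example, not part of the original page or of Webitel: it extracts both from a saved `s_client` transcript; the function names are hypothetical and the embedded transcript is constructed, abridged from the output format shown above.

```sh
#!/bin/sh
# Added example: summarise an `openssl s_client -showcerts` transcript.
# All function names are hypothetical; the sample below is constructed.

sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=UA/CN=demo-srv.webitel.com
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
Server certificate
subject=/C=UA/CN=demo-srv.webitel.com
---
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
---
EOF
}

# Numeric verify return code from stdin (0 means the chain verified).
verify_code() {
  sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Number of certificates the server sent: " N s:" lines in "Certificate chain".
chain_length() {
  awk '/^Certificate chain/ { in_chain = 1; next }
       in_chain && /^---/   { in_chain = 0 }
       in_chain && /^ *[0-9]+ s:/ { n++ }
       END { print n + 0 }'
}

# Negotiated protocol version as reported in the SSL-Session block.
protocol() { sed -n 's/^ *Protocol *: *//p' | head -n 1; }

# Succeeds only if the chain verified and, as assumed here because step 5
# bundles the intermediate CA, the server sent at least two certificates.
check_transcript() (
  t=$(cat)
  code=$(printf '%s\n' "$t" | verify_code)
  len=$(printf '%s\n' "$t" | chain_length)
  echo "verify_code=${code:-missing} chain_length=$len protocol=$(printf '%s\n' "$t" | protocol)"
  [ "$code" = "0" ] && [ "$len" -ge 2 ]
)

sample_transcript | check_transcript || echo "FAIL: chain not verified or intermediate not sent"
```

Pipe the saved output of the step 8 command into `check_transcript` to run the same check against a live server.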
