This document describes how to install a free SSL certificate obtained from www.startssl.com.
It does not cover registering on the StartSSL site or obtaining certificates there.
For your domain (for example, demo-srv.webitel.com) you need to obtain the Private Key and Certificate files and download the Class 1 Intermediate Server CA.
Create a pfx file for webitel:
openssl pkcs12 -export -in wss.crt -inkey wss.key -out certificate.pfx -certfile sub.class1.server.ca.pem
Attach certificate.pfx to webitel in the configuration file /opt/webitel/srv/Webitel.EventWebSocket.addin:
<section name="config">
    <set type="setup" name="listen-ip" value="Any"/>
    <set type="setup" name="listen-port" value="6871"/>
    <set type="setup" name="max-connect-count" value="100"/>
    <set type="setup" name="max-request-length" value="100000"/>
    <set type="setup" name="json-format-indent" value="true"/>
    <set type="setup" name="security" value="tls"/>
    <set type="setup" name="certificate" value="/opt/webitel/certs/certificate.pfx"/>
    <set type="setup" name="password" value="itsferapass1"/>
</section>
openssl s_client -showcerts -connect demo-srv.webitel.com:6871
You should get a similar response:
openssl s_client -showcerts -connect demo-srv.webitel.com:6871
CONNECTED(00000003)
depth=0 C = UA, CN = demo-srv.webitel.com, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = UA, CN = demo-srv.webitel.com, emailAddress = [email protected]
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = UA, CN = demo-srv.webitel.com, emailAddress = [email protected]
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=UA/CN=demo-srv.webitel.com/[email protected]
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=UA/CN=demo-srv.webitel.com/[email protected]
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 1740 bytes and written 589 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 3819079D8181F4624ABB65F2CD0D6F6842F93AF4670DF63486297010B6C6AB72EC508DF591D23596A976E4C2C4FF98B9
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1411737613
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0
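In the response above, the verify errors and the final "Verify return code: 21" mean the client could not build a chain to a trusted issuer, and the "Certificate chain" block lists only certificate 0, so the server presented the leaf without the intermediate. The script below is an added example, not part of the original page: its function names are assumptions and its sample is a constructed, abridged copy of that response, and it flags these fields in saved s_client output.

```shell
# Added example (not from the original page); function names are assumptions.
# Constructed sample, abridged from the s_client response shown above.
SAMPLE_OUTPUT='depth=0 C = UA, CN = demo-srv.webitel.com
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=UA/CN=demo-srv.webitel.com
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol : TLSv1
    Verify return code: 21 (unable to verify the first certificate)'

# Certificates the server sent: " N s:..." lines of the "Certificate chain" block.
chain_length() {
    printf '%s\n' "$1" | grep -c '^ *[0-9][0-9]* s:' || true
}
# Numeric verify return code; 0 means the chain validated.
verify_code() {
    printf '%s\n' "$1" | sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}
# Negotiated protocol from the SSL-Session block.
protocol() {
    printf '%s\n' "$1" | sed -n 's/^ *Protocol *: *\([^ ]*\).*/\1/p' | head -n 1
}
# Print one FAIL line per finding; return 1 if there was any.
audit_s_client() {
    out=$1; findings=0
    code=$(verify_code "$out")
    if [ "${code:-missing}" != 0 ]; then
        echo "FAIL verify return code: ${code:-missing}"; findings=1
    fi
    # Assumes, as on this page, a leaf issued by an intermediate CA.
    n=$(chain_length "$out")
    if [ "$n" -lt 2 ]; then
        echo "FAIL chain: $n certificate(s) sent, intermediate missing"; findings=1
    fi
    case $(protocol "$out") in
        TLSv1.2|TLSv1.3) ;;
        *) echo "FAIL protocol: $(protocol "$out")"; findings=1 ;;
    esac
    if printf '%s\n' "$out" | grep -q 'Secure Renegotiation IS NOT supported'; then
        echo "FAIL secure renegotiation not supported"; findings=1
    fi
    return "$findings"
}
audit_s_client "$SAMPLE_OUTPUT" || true
```

To check a live listener, save the output of the s_client command above to a file and pass its contents as the argument to audit_s_client.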