当前位置:   article > 正文

Beego实现HTTPS访问

beego openssl

用https的话,首先要生成ssl证书
生成ssl证书
SSL证书包括:

CA证书: 也叫根证书或者中间级证书,如果是单项https认证的话,该证书是可选的。不安装ca证书的话,浏览器默认是不安全的

服务器证书,必选项。通过key, 证书请求文件csr,在通过ca证书签名,生成服务器证书

客户端证书,可选项。如有客户端证书测试双向https验证

服务器证书的生成

生成服务器私钥

root@debian:~/https_crt/127.0.0.1# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................................++++++
..............................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

生成服务器证书请求(csr)
在生成csr文件的过程中,有一点很重要, Common Name 填入主机名(或者服务器IP)

root@debian:~/https_crt/127.0.0.1# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AAA
Organizational Unit Name (eg, section) []:OT
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

删除私钥中密码
在第一步创建私钥的过程中,由于必须制定一个密码,而这个密码的副作用是,每次启动http服务的时候,都会要求输入密码,这会带来很大的不变。可以通过以下方式删除私钥中密码

root@debian:~/https_crt/127.0.0.1# cp server.key server.key.org
root@debian:~/https_crt/127.0.0.1# openssl rsa -in server.key.org -out server.key

生成服务器证书
如果你不想花钱让ca签名,那么可以以下方式生成一个自签名的证书

root@debian:~/https_crt/127.0.0.1# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=Shanghai/L=Shanghai/O=AAA/OU=OT/CN=127.0.0.1
Getting Private key

查看证书内容
签名证书之后,可以通过以下方式查看服务器证书的内容
root@debian:~/https_crt/127.0.0.1# openssl x509 -noout -text -in server.crt

修改beego配置
ssl证书完毕之后,修改beego里面相应配置,设置https端口,以及证书路径

修改配置文件
打开conf/app.conf配置文件,加入https相关配置
EnableDocs = true
EnableHTTPS=true
EnableHttpTLS = true
HttpsPort = 8010
HTTPSCertFile = "conf/server.crt"
HTTPSKeyFile = "conf/server.key"

证书就放在app.conf里面配置的目录就行

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小小林熬夜学编程/article/detail/727752
推荐阅读
相关标签
  

闽ICP备14008679号