1、开启https,关闭http:
appname=ht-web
httpport=10081
EnableHTTP=true
EnableDocs=true
EnableHTTPS=true
EnableHttpTLS = true
HttpsPort = 10443
HTTPSCertFile = "conf/server.crt"
HTTPSKeyFile = "conf/erver.key
https端口可以更改,HTTPSCertFile和HTTPSKeyFile为ssl证书相关配置。
2.使用Openssl制作获取SSL证书
windows和linux上均可以操作。制作证书前,确保系统有安装Openssl。centos上安装openssl较简单,所以我是直接在centos上制作的证书,拿到windows上也可以直接使用。
1.生成私钥:
openssl genrsa -des3 -out server.key 2048
[root@htas-master ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
................................................................+++
..............+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@htas-master ~]#
以上设置密码为‘123456’。
2.生成CSR(证书签名请求)
#可能报错
openssl req -new -key server.key -out server.csr -config openssl.cfg
#推荐使用
openssl req -new -key server.key -out server.csr
[root@htas-master ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:ht
Organizational Unit Name (eg, section) []:ht
Common Name (eg, your name or your server's hostname) []:htas-master
Email Address []:435695323@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:ht
[root@htas-master ~]#
根据提示输入相关信息,Common Name可以填localhost
3.删除私钥中的密码:
openssl rsa -in server.key -out server.key
[root@htas-master ~]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@htas-master ~]#
4.生成自签名证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[root@htas-master ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BeiJing/L=BeiJing/O=ht/OU=ht/CN=htas-master/emailAddress=435695323@qq.com
Getting Private key
[root@htas-master ~]#
证书制作完成,只需将server.key和server.crt拷贝至工程文件下(与可执行文件同级目录)即可。启动beego,即可使用https访问接口。