Windows
找不到有效的根 CA 證書,該證書可能會顯示瀏覽器警告
我正在嘗試讓 Telegram Webhook 與我的本地機器一起工作,但它不發出請求。我認為這是證書問題
這是 geocerts.com/ssl-checker 所說的:
這是我的 Apache 配置:
<IfModule ssl_module> <VirtualHost *:%httpsport%> DocumentRoot "%hostdir%" ServerName "%host%" ServerAlias "%host%" %aliases% ScriptAlias /cgi-bin/ "%hostdir%/cgi-bin/" SSLEngine on #Header always set Strict-Transport-Security "max-age=94608000" SSLCACertificateFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-rootCA.crt" SSLCertificateChainFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-bundle.crt" SSLCertificateFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-server.crt" SSLCertificateKeyFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-server.key" SetEnvIf User-Agent ".*MSIE [1-5].*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 SetEnvIf User-Agent ".*MSIE [6-9].*" \ ssl-unclean-shutdown <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "%hostdir%/cgi-bin/"> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule>
我使用以下腳本生成了這些證書:
: Version 1.0 : Author unknown (improved by Kama - wp-kama.ru) @echo off : parameters set DOM=xxx.info set DOM_KEY=xxx set APACHE_VER=Apache-PHP-7.2-x64 : create .txt config file set config_txt=generate-temp-config.txt ( echo nsComment = "Open Server Panel Generated Certificate" echo basicConstraints = CA:false echo subjectKeyIdentifier = hash echo authorityKeyIdentifier = keyid,issuer echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment echo. echo subjectAltName = @alt_names echo [alt_names] echo DNS.1 = %DOM% echo DNS.2 = www.%DOM% ) > %config_txt% mkdir %DOM_KEY% set OSAPACHE_DIR=%~dp0..\..\..\modules\http\%APACHE_VER% set OPENSSL_CONF=%OSAPACHE_DIR%\conf\openssl.cnf "%OSAPACHE_DIR%\bin\openssl" req -x509 -sha256 -newkey rsa:2048 -nodes -days 5475 -keyout %DOM_KEY%\%DOM_KEY%-rootCA.key -out %DOM_KEY%\%DOM_KEY%-rootCA.crt -subj /CN=OSPanel-%DOM_KEY%/ "%OSAPACHE_DIR%\bin\openssl" req -newkey rsa:2048 -nodes -days 5475 -keyout %DOM_KEY%/%DOM_KEY%-server.key -out %DOM_KEY%\%DOM_KEY%-server.csr -subj /CN=%DOM_KEY%/ "%OSAPACHE_DIR%\bin\openssl" x509 -req -sha256 -days 5475 -in %DOM_KEY%\%DOM_KEY%-server.csr -extfile %config_txt% -CA %DOM_KEY%\%DOM_KEY%-rootCA.crt -CAkey %DOM_KEY%\%DOM_KEY%-rootCA.key -CAcreateserial -out %DOM_KEY%\%DOM_KEY%-server.crt "%OSAPACHE_DIR%\bin\openssl" dhparam -out %DOM_KEY%\%DOM_KEY%-dhparam.pem 2048 del %DOM_KEY%\%DOM_KEY%-server.csr del %DOM_KEY%\%DOM_KEY%-dhparam.pem del %DOM_KEY%\%DOM_KEY%-rootCA.srl del %config_txt% pause
我對證書不是很熟悉,而且我沒有太多時間做這個 rn,所以我需要幫助。
您自己生成證書,當然沒有其他人會信任它們;這就是證書的全部意義所在。
您應該從公共證書頒發機構獲得證書(或使用像 Let’s Encrypt 這樣的免費解決方案)。