openssl

Setting up and accessing an HTTPS server

  • Create the server's key pair and certificate

    Run the following command and fill in the prompts. It produces ca_key.pem and ca_cert.pem in the current directory.

    openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes
  • Run the HTTPS server

    Create an index.html file in the directory where you run the command, with this content:

    <!DOCTYPE html>
    <html>
    <head>
    <title>My First Web Page</title>
    </head>
    <body>

    <h1>Hello World!</h1>

    </body>
    </html>

    Start the server:

    openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070
  • Access the HTTPS server

    pi@pi-NMH-WCX9:~/esp/esp-idf-example/029-ota/http_server_test$ curl -v --cacert ca_cert.pem https://192.168.5.170:8070/index.html
    * Trying 192.168.5.170:8070...
    * Connected to 192.168.5.170 (192.168.5.170) port 8070 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * CAfile: ca_cert.pem
    * CApath: /etc/ssl/certs
    * TLSv1.0 (OUT), TLS header, Certificate Status (22):
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS header, Finished (20):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.2 (OUT), TLS header, Finished (20):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server did not agree to a protocol
    * Server certificate:
    * subject: C=CN; ST=Guangdong; L=Shenzhen; O=espressif; OU=com; CN=192.168.5.170; emailAddress=esp@espressif.com
    * start date: Jan 7 01:59:10 2025 GMT
    * expire date: Jan 7 01:59:10 2026 GMT
    * common name: 192.168.5.170 (matched)
    * issuer: C=CN; ST=Guangdong; L=Shenzhen; O=espressif; OU=com; CN=192.168.5.170; emailAddress=esp@espressif.com
    * SSL certificate verify ok.
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    > GET /index.html HTTP/1.1
    > Host: 192.168.5.170:8070
    > User-Agent: curl/7.81.0
    > Accept: */*
    >
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * old SSL session ID is stale, removing
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * Mark bundle as not supporting multiuse
    * HTTP 1.0, assume close after body
    < HTTP/1.0 200 ok
    < Content-type: text/html
    <
    <!DOCTYPE html>
    <html>
    <head>
    <title>My First Web Page</title>
    </head>
    <body>

    <h1>Hello World!</h1>

    </body>
    </html>
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS alert, close notify (256):
    * Closing connection 0
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    * TLSv1.3 (OUT), TLS alert, close notify (256):
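As an added example that is not part of the original notes, the following POSIX shell script runs the same three steps (key and certificate, `openssl s_server -WWW`, `curl --cacert`) non-interactively on the loopback address. The host 127.0.0.1, the scratch directory from `mktemp`, the `-subj`/`-addext` options, the `show_cert` and `fetch_*` helper names and the shortened index.html are assumptions of this example; the subject fields mirror the ones in the curl output above, and port 8070 is the one the notes use. It goes slightly beyond the notes in two ways: it adds an IP subjectAltName (browsers and newer clients match only the SAN, not the CN that curl fell back to above), and it repeats the request without `--cacert` to show that the "SSL certificate verify ok." line depends on that option rather than on verification being switched off. It assumes `openssl` 1.1.1 or newer (for `-addext` and `-ext`) and `curl` are installed.

```shell
#!/bin/sh
# Added example, not part of the original notes: the three steps
# (key + certificate, s_server -WWW, curl --cacert) as a script, plus
# a negative check that verification really depends on --cacert.
# Assumptions: openssl >= 1.1.1 (for -addext/-ext), curl, a free
# loopback port (8070, as in the notes) and a scratch dir from mktemp.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
PORT="${PORT:-8070}"
HOST=127.0.0.1
SERVER_PID=""

# Step 1: private key + self-signed certificate in one command. -subj replaces
# the interactive prompts; the IP SAN is added because browsers and newer
# clients only match subjectAltName (curl happens to fall back to CN).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORKDIR/ca_key.pem" -out "$WORKDIR/ca_cert.pem" \
    -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=example/CN=$HOST" \
    -addext "subjectAltName=IP:$HOST" 2>/dev/null
  # Sanity check: the certificate carries the public half of the key we wrote.
  [ "$(openssl x509 -in "$WORKDIR/ca_cert.pem" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORKDIR/ca_key.pem" -pubout)" ]
}

# What a client will see: subject, issuer (identical, self-signed), validity, SAN.
show_cert() {
  openssl x509 -in "$WORKDIR/ca_cert.pem" -noout -subject -issuer -dates -ext subjectAltName
}

# Step 2: index.html next to the server, then s_server -WWW in the background.
# -WWW serves files relative to the current directory, hence the cd.
start_server() {
  printf '<!DOCTYPE html>\n<html><body><h1>Hello World!</h1></body></html>\n' \
    > "$WORKDIR/index.html"
  ( cd "$WORKDIR" && exec openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem \
        -port "$PORT" -quiet ) </dev/null >/dev/null 2>&1 &
  SERVER_PID=$!
  # Wait until the port answers a verified request (up to ~5 s).
  for _ in 1 2 3 4 5; do
    fetch_with_ca >/dev/null 2>&1 && break
    sleep 1
  done
}

stop_server() {
  [ -n "$SERVER_PID" ] && kill "$SERVER_PID" 2>/dev/null || true
}

# Step 3a: fetch while trusting only our own certificate; prints the page body.
fetch_with_ca() {
  curl -s --cacert "$WORKDIR/ca_cert.pem" "https://$HOST:$PORT/index.html"
}

# Step 3b: the same request against the system trust store. The self-signed
# certificate is not in it, so curl refuses (normally exit code 60, "peer
# certificate cannot be authenticated"). Prints the code instead of failing
# under set -e; 0 would mean the request was wrongly accepted.
fetch_with_system_store() {
  curl -s -o /dev/null "https://$HOST:$PORT/index.html" && echo 0 || echo $?
}

demo() {
  make_cert
  show_cert
  start_server
  trap stop_server EXIT
  fetch_with_ca
  echo "without --cacert, curl exit code: $(fetch_with_system_store)"
}

# Only run the demo when invoked as: sh https_demo.sh run
case "${1:-}" in run) demo ;; esac
```

Run it with `sh https_demo.sh run` (stop any server still listening on 8070 from the steps above first). The point of the last call is that `--cacert ca_cert.pem` tells curl to trust this one self-signed certificate as a root, which is why the transcript above reports "SSL certificate verify ok." despite the issuer being the server itself. The shortcut people often reach for instead, `curl -k`, disables verification altogether, so that line would then say nothing about who you are talking to.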