2
SSL Usage · tsl0922/ttyd Wiki · GitHub
source link: https://github.com/tsl0922/ttyd/wiki/SSL-Usage
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
SSL Usage
Shuanglei Tao edited this page on Feb 17, 2020
·
1 revision
Generate SSL CA and self signed server/client certificates:
# CA certificate (FQDN must be different from server/client) openssl genrsa -out ca.key 2048 openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt # server certificate (for multiple domains, change subjectAltName to: DNS:example.com,DNS:www.example.com) openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr openssl x509 -sha256 -req -extfile <(printf "subjectAltName=DNS:localhost") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt # client certificate (the p12/pem format may be useful for some clients) openssl req -newkey rsa:2048 -nodes -keyout client.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=client" -out client.csr openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12 openssl pkcs12 -in client.p12 -out client.pem -clcerts
Then start ttyd:
ttyd --ssl --ssl-cert server.crt --ssl-key server.key --ssl-ca ca.crt bash
You may want to test the client certificate verification with curl:
curl --insecure --cert client.p12[:password] -v https://localhost:7681
If you don't want to enable client certificate verification, remove the --ssl-ca option.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK