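Implementing HTTPS on a LAN
Problem: the "not secure" warning
Creating a project that uses HTTPS is simple. The troublesome part is getting clients to display the site normally instead of showing this "not secure" warning.
1. Configuration file
Taking a LAN server as an example, first create a configuration file (wcs.cnf). Multiple IPs can be listed: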
```
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = CN
ST = CN
L = CN
O = dotnetcrazy
OU = dnt
CN = localhost # domain name

[req_ext]
subjectAltName = @alt_names

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.0.250
IP.2 = 192.168.40.119
```
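2. Generate the crt certificate
Then generate the private key and the self-signed certificate:
```
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout wcs.key -out wcs.crt -config wcs.cnf
```
3. Generate the encrypted pfx
Then generate the encrypted pfx file (stored in the website's root directory); `密码` is the placeholder for your password:
```
openssl pkcs12 -export -out wcs.pfx -inkey wcs.key -in wcs.crt -password pass:密码
```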
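4. Configure HTTPS in the project
Then configure the website. The configuration differs between projects written in different programming languages: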
```
// Configure the HTTPS certificate
builder.WebHost.ConfigureKestrel(options =>
{
    options.ListenAnyIP(5000); // HTTP
    options.ListenAnyIP(5001, listenOptions =>
    {
        listenOptions.UseHttps("wcs.pfx", "你的密码");
    });
});
```
Remember to set the pfx file to be copied automatically to the root directory.
Complete configuration:
```
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

// Generate a self-signed certificate with OpenSSL (valid for 10 years)
// openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout wcs.key -out wcs.crt -config wcs.cnf
// Convert the generated certificate and private key to PFX format
// openssl pkcs12 -export -out wcs.pfx -inkey wcs.key -in wcs.crt -password pass:你的密码

// Configure the HTTPS certificate
builder.WebHost.ConfigureKestrel(options =>
{
    options.ListenAnyIP(5000); // HTTP
    options.ListenAnyIP(5001, listenOptions => { listenOptions.UseHttps("wcs.pfx", "你的密码"); });
});

var app = builder.Build();

// Configure the HTTP request pipeline
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection(); // Enable HTTPS

app.UseAuthorization();

app.MapControllers();

app.Run();
```
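5. Trust the crt certificate
At this point, opening the website still shows the problem.
You need to install the certificate (wcs.crt) on the client computer, choosing to install it into the trusted root certificates.
Confirm and you are done.
6. Final result
Refresh the website again and the problem is gone.
Trust instructions for other systems, for reference: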
```
Mac:
1. Double-click the wcs.crt file to add it to Keychain Access.
2. In Keychain Access, find the certificate you just added and double-click to open it.
3. In the "Trust" section, set "When using this certificate" to "Always Trust".

Linux:
sudo cp wcs.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```
PS: Check whether the certificate is valid:
```
openssl pkcs12 -info -in wcs.pfx -password pass:你的密码
```
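A complementary check, added here as an example and not part of the original post: clients validate the address in the URL against the certificate's subjectAltName, so an IP missing from [alt_names] still produces the warning even after the certificate is trusted. The helper names and the demo.* files are assumptions; the sample certificate is constructed for testing.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a certificate's
# subjectAltName lists every IP address clients will connect to.

# make_demo_cert DIR IP...
# Builds a throwaway self-signed cert shaped like the page's wcs.cnf.
# Constructed sample for testing only; the demo.* file names are assumptions.
make_demo_cert() {
    dir=$1; shift
    {
        printf '[req]\ndistinguished_name = dn\nx509_extensions = v3_req\nprompt = no\n'
        printf '[dn]\nCN = localhost\n'
        printf '[v3_req]\nsubjectAltName = @alt_names\n[alt_names]\n'
        n=1
        for ip in "$@"; do
            printf 'IP.%d = %s\n' "$n" "$ip"
            n=$((n + 1))
        done
    } > "$dir/demo.cnf"
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
        -keyout "$dir/demo.key" -out "$dir/demo.crt" \
        -config "$dir/demo.cnf" 2>/dev/null
}

# san_covers_ip CERT IP
# Succeeds only if IP appears as an IP entry in CERT's subjectAltName.
san_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# missing_ips CERT IP...
# Prints each IP the certificate does not cover; empty output means all pass.
missing_ips() {
    cert=$1; shift
    for ip in "$@"; do
        san_covers_ip "$cert" "$ip" || printf '%s\n' "$ip"
    done
}

# Stand-alone use: sh check_san.sh wcs.crt 192.168.0.250 192.168.40.119
if [ "$#" -gt 0 ]; then
    missing_ips "$@"
fi
```

Run it against wcs.crt before distributing the certificate to clients; any address it prints needs to be added to [alt_names] and the certificate regenerated.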