parent
eda07ac2ad
commit
684ed3acb0
5 changed files with 142 additions and 1 deletions
@ -0,0 +1,12 @@ |
||||
# Fly me a rocket |
||||
|
||||
This is a basic rocket web app. It uses tls to serve content, signing itself |
||||
with keys that are in `private`, along with a generation script. A tryout use |
||||
case would bring : |
||||
|
||||
( cd private && bash gen_cert.sh ) |
||||
cargo run |
||||
|
||||
One should use Let'sEncrypt keys for a specific domain. See `Rocket.toml` for |
||||
adding specific keys for production binaries. Self-generated keys are useful for |
||||
developement environments. |
@ -0,0 +1,20 @@ |
||||
|
||||
# Global configuration of TLS: |
||||
[global.tls] |
||||
certs = "private/cert.pem" |
||||
key = "private/key.pem" |
||||
|
||||
|
||||
# Per Environment Configuration of TLS: |
||||
#[development] |
||||
#tls = { certs = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\certs.pem", key = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\key.pem" } |
||||
#[production] |
||||
#tls = { certs = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\certs.pem", key = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\key.pem" } |
||||
|
||||
# Or relative paths: |
||||
|
||||
# Per Environment Configuration of TLS: |
||||
# [development] |
||||
# tls = { certs = "private\\certs.pem", key = "private\\key.pem" } |
||||
# [production] |
||||
# tls = { certs = "private\\certs.pem", key = "private\\key.pem" } |
@ -0,0 +1,21 @@ |
||||
#! /bin/bash |
||||
|
||||
# TODO: `rustls` (really, `webpki`) doesn't currently use the CN in the subject |
||||
# to check if a certificate is valid for a server name sent via SNI. It's not |
||||
# clear if this is intended, since certificates _should_ have a `subjectAltName` |
||||
# with a DNS name, or if it simply hasn't been implemented yet. See |
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=552346 for a bit more info. |
||||
|
||||
CA_SUBJECT="/C=US/ST=CA/O=Rocket CA/CN=Rocket Root CA" |
||||
SUBJECT="/C=US/ST=CA/O=Rocket/CN=localhost" |
||||
ALT="DNS:localhost" |
||||
|
||||
openssl genrsa -out ca_key.pem 4096 |
||||
openssl req -new -x509 -days 3650 -key ca_key.pem -subj "${CA_SUBJECT}" -out ca_cert.pem |
||||
|
||||
openssl req -newkey rsa:4096 -nodes -sha256 -keyout key.pem -subj "${SUBJECT}" -out server.csr |
||||
openssl x509 -req -sha256 -extfile <(printf "subjectAltName=${ALT}") -days 3650 \ |
||||
-CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial \ |
||||
-in server.csr -out cert.pem |
||||
|
||||
rm ca_cert.srl server.csr |
Loading…
Reference in new issue