如何以编程方式安装SSL证书(OpenSSL) [英] How does one install ssl certificates programatically (OpenSSL)
问题描述
我有一个应用程序,我正在为一个客户端,总之,允许他们的每个客户端创建自己的版本的应用程序,通过自定义模板和关联自己的域名(所有的代码都位于我的客户端服务器)。
我面临的问题是,当这样的用户创建自己的品牌版本与自己的域名,然后想登录到他们的管理系统不能提供https身份验证。
我知道可以创建一个自签名证书,我认为有一个相当简单的方法做这个程序,但是如果我想给用户购买自己的CA签名证书的能力,那么该如何实现呢?
我花了几个小时试图找到这个答案问题在线,但似乎找不到解决这个令人困惑的问题。
我认为我需要的是一些简单的代码,允许用户填写所需的形式字段,其依次创建CSR文件,用户将提供给CA以获得他的CA文件,并且对于该文件,一些代码将需要允许用户上传它...其又将自动安装它并且重新格式化
任何/所有帮助和指导将非常感激。 div>
如何做到这一点取决于你的架构。但这里有一些需要考虑的事情:
- 大多数SSL配置使用唯一的IP地址。因此,这意味着您添加的每个SSL证书将需要另一个IP地址。例如,如果使用负载均衡器,您可以集中该配置。您是否可以以编程方式执行此操作取决于您的负载均衡器。
- 您最好根据私钥生成CSR。否则,您必须允许用户上传私钥和证书(有时还包含链接文件)。
I have an application which I am working on for a client which in summary allows each of their clients to create their own own version of the application by customizing the templates and associate their own domain name (all the code is located on my clients server).
The problem I am faced with is that when such users create their own branded version with their own domain name and then want to login to their admin the system can't provide https authentication.
I am aware that one can create a self signed certificate and I "think" there is a fairly simple way of doing this programatically, BUT if I want to give users the ability to purchase their own CA signed certificate then how could this be accomplished?
I have spent a few hours trying to find the answer to this question online but can't seem to find a solution to this perplexing problem.
What I think I need is some simple code which allow the user to fill out the required form field which in turn creates the CSR file which in turn the user would provide to the CA to obtain his CA file and for which some code would need to allow the user to upload it... Which in turn would automatically install it and redraft the needed web services.
Any/all help and guidance would greatly be appreciated!
How you would go about this depends on your architecture. But here are a couple things to consider:
- Most SSL configurations operate on a unique IP address. So that means each SSL certificate you add would require another IP address. You may be able to centralize that configuration if you use a load balancer for example. Whether or not you can do that programmatically depends on your load balancer.
- You will be best off generating the CSR based on your private key. Otherwise you will have to allow users to upload both a private key and certificate (and sometimes chain file).
这篇关于如何以编程方式安装SSL证书(OpenSSL)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
