为 Telegram Webhook 创建和使用自签名证书的简单方法是什么? [英] What is easy way to create and use a Self-Signed Certification for a Telegram Webhook?

问题描述

系统信息:

Server Win Server 2012网络服务器:IIS 8.5项目平台:ASP.NET MVC网络钩子路径:https://webhook.MYDOMAIN.com/api/webhookaction//我使用我的域名而不是 MYDOMAIN

我使用以下方式创建了一个自签名证书以用于Telegram Webhook，但最后电报向我返回 SSL 错误，你知道吗?更简单的成功方法?

<小时>

A)我通过以下 OpenSSL 命令而不是通配符 SSL

创建了一个 自签名证书

openssl req -newkey rsa:2048 -sha256 -nodes -keyout MyDomain_private_key.key -x509 -days 365 -out MyDomain_public.pem -subj "/C=US/ST=New York/L=MyDomain/O=MyDomain/CN=webhook.MyDomain.com"

B)然后我通过以下命令从输出文件创建了一个 PFX:

openssl pkcs12 -export -out MyDomain.pfx -inkey MyDomain_private.key -in MyDomain_public.pem -certfile MyDomain_public.pem

C)然后我在服务器上安装了 MyDomain.pfx 并将其绑定到 Https://webhook.mydomain.com.

D)此外，我在 SetWebhook 命令中使用了 MyDomain_public.pem 文件作为认证文件(带有第三个库和 Curl 命令).>

Curl 命令:

curl -F "url=https://webhook.MyDomain.com/api/Webhookaction/" -F "certificate=C:\path\mydomain_public.pem" https://api.telegram.org/bot[令牌]/setWebhook

但是当我调用 GetWebhookInfo API 命令时，它返回这个错误:

<代码>{好的":真的，结果":{"url":"https://api.telegram.org/bot[token]/setWebhook?url=https://webhook.mydomain.com/api/webhookaction/",has_custom_certificate":真，"pending_update_count":1,last_error_date":1489126755，"last_error_message":"SSL 错误 {336134278，错误:14090086:SSL 例程:ssl3_get_server_certificate:证书验证失败}",最大连接数":40}}

解决方案

我使用这种快速简便的方法为 Telegram 设置自签名 webhooks(在 Windows 上，但它也适用于其他操作系统)

1. 使用 openSSL 创建您的证书

   openssl req -newkey rsa:2048 -sha256 -nodes -keyout PRIVATE.key -x509 -days 365 -out PUBLIC.pem -subj "/C=NG/ST=Lagos/L=Lagos/O=YOUR_NAME_OR_COMPANY_NAME/CN=SERVER_NAME_OR_IP"

2. 接下来使用这个简单的方法在电报上设置 webhook:

如何设置 Telegram bot webhook?得到这样的结果:

{"ok":true,"result":true,"description":"Webhook 已设置"}

3. 检查是否在 Telegram 上正确设置了 webhook:https://api.telegram.org/bot[token]/getWebhookinfo

<代码>{好的:是的，结果: {url: "[SERVER_NAME_OR_IP]:[PORT]/[YOUR_BOT_TOKEN]",has_custom_certificate:真，pending_update_count: 0,最大连接数:30}}

4. 您可以在此处和这里

5. 我个人不为我的机器人使用 IIS.我使用一个非常轻量级的网络服务器 (elli) 作为我在 Elixir 中构建的机器人服务器的一部分，该服务器的证书设置就像在配置文件中指向公钥和私钥的路径一样简单.

6. 对于 IIS 这将指导您

System info:

Server Win Server 2012
Web Server: IIS 8.5
Project platform: ASP.NET MVC
Webhook Path: https://webhook.MYDOMAIN.com/api/webhookaction

// I use my domain name instead of MYDOMAIN

I used the following way to create a Self-Signed Certification to use for a Telegram Webhook but finally telegram return SSL error to me, do you know an easier way to success?

---

A) I Created a Self Signed Certificate by the following OpenSSL command instead of the Wildcard SSL

openssl req -newkey rsa:2048 -sha256 -nodes -keyout MyDomain_private_key.key -x509 -days 365 -out MyDomain_public.pem -subj "/C=US/ST=New York/L=MyDomain/O=MyDomain/CN=webhook.MyDomain.com"

B) Then i created a PFX from the output files by this command:

openssl pkcs12 -export -out MyDomain.pfx -inkey MyDomain_private.key -in MyDomain_public.pem -certfile MyDomain_public.pem

C) Then i installed the MyDomain.pfx on the server and bind it to the Https://webhook.mydomain.com.

D) Also i used the MyDomain_public.pem file in the SetWebhook command as the certification file (with both a third library and Curl command).

The Curl command:

curl -F "url=https://webhook.MyDomain.com/api/Webhookaction/" -F "certificate=C:\path\mydomain_public.pem" https://api.telegram.org/bot[TOKEN]/setWebhook

But when i call GetWebhookInfo API command, it return this error:

{  
   "ok":true,
   "result":{  
      "url":"https://api.telegram.org/bot[token]/setWebhook?url=https://webhook.mydomain.com/api/webhookaction/",
      "has_custom_certificate":true,
      "pending_update_count":1,
      "last_error_date":1489126755,
      "last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}",
      "max_connections":40
   }
}

解决方案

I use this quick and easy method of setting up self-signed webhooks for Telegram (on Windows, but it should work for other OS too)

1. create your certificates using openSSL

   openssl req -newkey rsa:2048 -sha256 -nodes -keyout PRIVATE.key -x509 -days 365 -out PUBLIC.pem -subj "/C=NG/ST=Lagos/L=Lagos/O=YOUR_NAME_OR_COMPANY_NAME/CN=SERVER_NAME_OR_IP"

2. Next setup the webhook on telegram using this easy method:

How to set Telegram bot webhook? you should get a result like this:

{"ok":true,"result":true,"description":"Webhook was set"}

3. check that the webhook is properly setup on Telegram: https://api.telegram.org/bot[token]/getWebhookinfo

{ ok: true, result: { url: "[SERVER_NAME_OR_IP]:[PORT]/[YOUR_BOT_TOKEN]", has_custom_certificate: true, pending_update_count: 0, max_connections: 30 } }

4. you can test your ssl setup here and here

5. I personally don't use IIS for my bots. I use a very light weight web-server (elli) as part of my bot server built in Elixir, the certificate setup for that server is as simple as pointing to the path of the public and private keys in a config file.

6. For IIS this will direct you

这篇关于为 Telegram Webhook 创建和使用自签名证书的简单方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！