?证书生成
openssl生成证书主要有以下步骤:
1. 生成CA证书
2. 生成Server证书
生成CA私钥
openssl genrsa -out ca.key 1024
生成CA自签名证书
openssl req -new -x509 -days 36500 -key ca.key -out ca.crt
生成server端的私钥key:
openssl genrsa -out server.key 1024
生成server端的req文件(这一步生成的req文件,包含公钥证书,外加身份信息,例如国家,省份,公司等。用它提交给ca,让ca来对它做签名 ):
openssl req -new -key server.key -out server.csr
用CA的私钥对server的req文件做签名,得到server的证书:
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
?nodeos启动
需要配置:
?? ? ? --https-certificate-chain-file ?/ssl/server.crt \
?? ? ? --https-private-key-file /ssl/server.key \
openssl genrsa -out ca.key 1024
openssl req -new -x509 -days 36500 -key ca.key -out ca.crt
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
nodeos --producer-name eosio \
--signature-provider EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV=KEY:5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3 \
--enable-stale-production \
--plugin eosio::chain_api_plugin \
--plugin eosio::producer_api_plugin \
--https-server-address 0.0.0.0:443 \
--https-certificate-chain-file /ssl/server.crt \
--https-private-key-file /ssl/server.key \
--http-server-address 0.0.0.0:8888
curl https://127.0.0.1:443/v1/chain/get_info --insecure
cleos --no-verify -u https://127.0.0.1:443 get info
|