我们目前正在使用LetsEncrypt SSL证书并且它运行良好。经过一些修改后,我们也可以将它拉入Tomcat和Apache Web服务器。
目前,我们希望将LetsEncrypt证书添加到Etherpad,它需要intermediate CA个文件。如何从LetsEncrypt提供的4个证书文件中获取这些文件。谢谢..
LetsEncrypt SSL设置:
"ssl" : {
"key" : "/path-to-your/epl-server.key",
"cert" : "/path-to-your/epl-server.crt",
"ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"]
},
在上面的配置中,我假设Key是privkey.pem转换为.key文件,而.crt是cert.pem转换为cert.crt。 CA的内容是什么?
谢谢。
更新
设置:
"ssl" : {
"key" : "/etc/letsencrypt/live/www.project_name.de-0001/private.key",
"cert" : "/etc/letsencrypt/live/www.project_name.de-0001/cert.crt",
"ca": "/etc/letsencrypt/live/www.project_name.de-0001/root.crt"
},
尝试按键时的错误日志:
[2016-11-04 13:25:15.612] [INFO] console - Report bugs at https://github.com/ether/etherpad-lite/issues
[2016-11-04 13:25:15.612] [INFO] console - Your Etherpad version is 1.6.0 (7dd934f)
[2016-11-04 13:25:15.613] [INFO] console - SSL -- enabled
[2016-11-04 13:25:15.613] [INFO] console - SSL -- server key file: /etc/letsencrypt/live/www.project_name.de-0001/private.key
[2016-11-04 13:25:15.614] [INFO] console - SSL -- Certificate Authority's certificate file: /etc/letsencrypt/live/www.project_name.de-0001/cert.crt
[2016-11-04 13:25:15.615] [ERROR] console - Error: EISDIR: illegal operation on a directory, read
答案 0 :(得分:1)
在与chain.pem相同的目录中应该有一个名为cert.pem的文件,其中包含直到根CA的证书链(对于我的证书,它只有一个证书,但这可能会在未来),应该是你要求的。
$ ls live/my.domain.com/
cert.pem chain.pem fullchain.pem privkey.pem
我不熟悉Etherpad,但我的猜测是你应该这样配置:
"ssl" : {
"key" : "/etc/letsencrypt/live/www.project_name.de-0001/private.key",
"cert" : "/etc/letsencrypt/live/www.project_name.de-0001/cert.pem",
"ca": "/etc/letsencrypt/live/www.project_name.de-0001/chain.pem"
},