Open saambd opened 1 year ago
Hello sir, how do I generate the tr069 certificate in the Docker container? Can you help me out?
Me too. I also got this error.
Custom script integration is recommended:
```shell
# 1 Generate CA private key
test -f assets/ca.key || openssl genrsa -out assets/ca.key 4096
# 2 Generate CA certificate
test -f assets/ca.crt || openssl req -x509 -new -nodes -key assets/ca.key -days 3650 -out assets/ca.crt -subj \
"/C=CN/ST=Shanghai/O=teamsacs/CN=TeamsacsCA/emailAddress=master@teamsacs.cc"
# 3 Generate server private key
openssl genrsa -out assets/server.key 2048
# 4 Generate a certificate request file
openssl req -new -key assets/server.key -out assets/server.csr -subj \
"/C=CN/ST=Shanghai/O=teamsacs/CN=*.teamsacs.cc/emailAddress=master@teamsacs.cc"
# 5 Generate a server certificate based on the CA's private key and the above certificate request file
openssl x509 -req -in assets/server.csr -CA assets/ca.crt -CAkey assets/ca.key -CAcreateserial -out assets/server.crt -days 7300
mv assets/server.key assets/cwmp.tls.key
mv assets/server.crt assets/cwmp.tls.crt
```
The tr069 server's certificate directory is currently fixed at /var/teamsacs/private.
/var/teamsacs should be mounted as a volume, and the certificate should be automatically generated and saved to the following directory via script:
/var/teamsacs/private/ca.crt
/var/teamsacs/private/cwmp.tls.crt
/var/teamsacs/private/cwmp.tls.key
Here is the logic for the server to load the certificate:
```go
func (s *Tr069Server) startTlsServer() error {
	caCert := path.Join(app.GConfig().System.Workdir, "private/ca.crt")
	serverCert := path.Join(app.GConfig().System.Workdir, "private/cwmp.tls.crt")
	serverKey := path.Join(app.GConfig().System.Workdir, "private/cwmp.tls.key")
	// Write the embedded defaults only for files that are missing;
	// files already present in private/ are left untouched.
	if !common.FileExists(caCert) {
		os.WriteFile(caCert, assets.CaCrt, 0644)
	}
	if !common.FileExists(serverCert) {
		os.WriteFile(serverCert, assets.CwmpCert, 0644)
	}
	if !common.FileExists(serverKey) {
		os.WriteFile(serverKey, assets.CwmpKey, 0644)
	}
	address := fmt.Sprintf("%s:%d", app.GConfig().Tr069.Host, app.GConfig().Tr069.Port)
	// The client CA pool is built from the embedded assets.CaCrt,
	// not from the ca.crt file on disk.
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(assets.CaCrt)
	ss := &http.Server{
		Addr:    address,
		Handler: s.root,
		TLSConfig: &tls.Config{
			ClientCAs: pool,
			// A client certificate is optional, but is verified if presented.
			ClientAuth: tls.VerifyClientCertIfGiven,
		},
	}
	// The server certificate and key are read from the files on disk.
	return ss.ListenAndServeTLS(serverCert, serverKey)
}
```
By default, the startup service checks the /var/teamsacs/private directory for certificates, and if they are not there, it writes the pre-compiled certificates embedded in assets to that directory. If you can compile it yourself, then the problem is simple.
The Makefile provides commands for generating certificates, which is what I did.
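The steps above adapted to the mounted volume, as an added example that is not part of the original thread or the project's Makefile: it writes the three files the server looks for into the `private/` directory, keeps `ca.key` in a separate directory, and checks that the certificate chains to the CA and matches the key. The function names and the `CA_DIR` argument are assumptions; file names and subjects follow the thread.

```shell
#!/bin/sh
# Added example, not the project's script. gen_cwmp_certs, cwmp_pair_ok and
# the CA_DIR argument are assumptions; file names and subjects follow the thread.

# gen_cwmp_certs PRIVATE_DIR CA_DIR
#   PRIVATE_DIR: the private/ directory inside the mounted /var/teamsacs volume
#   CA_DIR:      where ca.key lives; keep it outside the volume the server mounts
gen_cwmp_certs() (
    priv="${1:-/var/teamsacs/private}"
    ca="${2:-./ca}"
    subj="/C=CN/ST=Shanghai/O=teamsacs"
    umask 077                                  # new key files are owner-only
    mkdir -p "$priv" "$ca" || exit 1

    # Steps 1-2: CA key and certificate, reused if present so issued certs stay valid
    if [ ! -f "$ca/ca.key" ] || [ ! -f "$ca/ca.crt" ]; then
        openssl genrsa -out "$ca/ca.key" 4096 &&
        openssl req -x509 -new -nodes -key "$ca/ca.key" -days 3650 \
            -out "$ca/ca.crt" -subj "$subj/CN=TeamsacsCA" || exit 1
    fi

    # Steps 3-5: server key, CSR, and certificate signed by the CA
    openssl genrsa -out "$priv/cwmp.tls.key" 2048 &&
    openssl req -new -key "$priv/cwmp.tls.key" -out "$priv/cwmp.csr" \
        -subj "$subj/CN=*.teamsacs.cc" &&
    openssl x509 -req -in "$priv/cwmp.csr" -CA "$ca/ca.crt" -CAkey "$ca/ca.key" \
        -CAcreateserial -out "$priv/cwmp.tls.crt" -days 7300 || exit 1
    rm -f "$priv/cwmp.csr"

    # Only the public CA certificate goes into the server's directory
    cp "$ca/ca.crt" "$priv/ca.crt" &&
    chmod 644 "$priv/ca.crt" "$priv/cwmp.tls.crt" &&
    cwmp_pair_ok "$priv"
)

# cwmp_pair_ok DIR: succeeds only if the server certificate chains to ca.crt
# and its public key matches cwmp.tls.key
cwmp_pair_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/cwmp.tls.crt" >/dev/null || return 1
    crt_pub=$(openssl x509 -in "$1/cwmp.tls.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/cwmp.tls.key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}
```

Run `gen_cwmp_certs` against the host path that is mounted as `/var/teamsacs/private` before the container starts, since the loading logic shown above only writes the embedded defaults for files that are missing.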