housleyjk / ws-rs

Lightweight, event-driven WebSockets for Rust.
MIT License

How to set the root CA #300

Closed meruiden closed 4 years ago

meruiden commented 4 years ago

Is there a way to set the root CA on the SslAcceptor?

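        use std::rc::Rc;
        use openssl::pkey::PKey;
        use openssl::ssl::{SslAcceptor, SslMethod};
        use openssl::x509::X509;

        // read_file is a helper not shown in this post; it is assumed to
        // return the file's bytes.

        // Server (leaf) certificate, PEM-encoded.
        let cert = {
            let data = read_file("certificate.crt").unwrap();
            X509::from_pem(data.as_ref()).unwrap()
        };

        // Private key belonging to the certificate above.
        let pkey = {
            let data = read_file("private.key").unwrap();
            PKey::private_key_from_pem(data.as_ref()).unwrap()
        };

        let acceptor = Rc::new({
            let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
            builder.set_private_key(&pkey).unwrap();
            builder.set_certificate(&cert).unwrap();
            builder.build()
        });

Darkspirit commented 4 years ago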

Usually (with all web servers) you bundle website certificate and intermediate CA certificate into one certificate file. (/etc/letsencrypt/live/example.com/fullchain.pem)

        cat certificate.crt ca.crt > bundle.crt

meruiden commented 4 years ago

Fixed by passing the intermediate CA like so:

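        // `inter` is the intermediate CA certificate as an X509; loading it
        // is not shown in this post.
        let acceptor = Rc::new({
            let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
            builder.set_private_key(&pkey).unwrap();
            builder.set_certificate(&cert).unwrap();
            // Sent to clients after the leaf certificate during the handshake.
            builder.add_extra_chain_cert(inter).unwrap();
            // Fails if the private key does not match the certificate.
            builder.check_private_key().unwrap();
            builder.build()
        });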
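
The two replies above meet when the server is handed a single bundle file: the first PEM block is the leaf for `set_certificate`, and every following block is an intermediate for `add_extra_chain_cert`. The splitter below is an added example, not code from the thread or from ws-rs; `split_bundle` and `SAMPLE` are hypothetical names, it uses only the standard library, and the sample bundle is constructed with placeholder bodies.

```rust
// Bundle layout assumed: leaf first, then intermediates (cat certificate.crt ca.crt > bundle.crt).
const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

// Constructed sample: the base64 bodies are placeholders, not real certificates.
const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----\n\
-----BEGIN CERTIFICATE-----\nSU5URVI=\n-----END CERTIFICATE-----\n";

/// Splits a PEM bundle into (leaf, intermediates); each entry is one PEM block.
/// Any other block type (for example a private key pasted into the bundle) is an error.
fn split_bundle(pem: &str) -> Result<(String, Vec<String>), String> {
    let mut blocks: Vec<String> = Vec::new();
    let mut current: Option<String> = None;
    // Blank lines are skipped; line numbers in errors refer to the input.
    for (n, line) in pem.lines().map(str::trim).enumerate().filter(|(_, l)| !l.is_empty()) {
        if line == BEGIN {
            if current.is_some() {
                return Err(format!("line {}: BEGIN inside an open block", n + 1));
            }
            current = Some(format!("{}\n", BEGIN));
        } else if line == END {
            let block = current.take().ok_or_else(|| format!("line {}: END without BEGIN", n + 1))?;
            blocks.push(format!("{}{}\n", block, END));
        } else if line.starts_with("-----BEGIN ") {
            return Err(format!("line {}: unexpected block {}", n + 1, line));
        } else if let Some(block) = current.as_mut() {
            block.push_str(line);
            block.push('\n');
        }
    }
    if current.is_some() {
        return Err("unterminated certificate block".to_string());
    }
    if blocks.is_empty() {
        return Err("no certificate in bundle".to_string());
    }
    let leaf = blocks.remove(0);
    Ok((leaf, blocks))
}

fn main() {
    let (leaf, chain) = split_bundle(SAMPLE).unwrap();
    // leaf  -> X509::from_pem(..) -> builder.set_certificate(..)
    // chain -> X509::from_pem(..) -> builder.add_extra_chain_cert(..), in file order
    println!("leaf: {} bytes, intermediates: {}", leaf.len(), chain.len());
}
```

Rejecting non-certificate blocks keeps a private key that was concatenated into the bundle by mistake from being silently ignored.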