How to use SSL certs with .p12 format with Traefik

All the docs mention adding a .crt and a .key to traefik.toml.

In my case, I only have a .p12 file. Is it possible to use a .p12 with Traefik?

Let me start with the differences between the formats. Thanks to @sysadmin1138 for the great explanation.

PEM - Governed by RFCs, it's used preferentially by open-source software. It can have a variety of extensions (.pem, .key, .cer, .cert, more)

DER - The parent format of PEM. It's useful to think of it as a binary version of the base64-encoded PEM file. Not routinely used very much outside of Windows.

.pkcs12 .pfx .p12 - Originally defined by RSA in the Public-Key Cryptography Standards (abbreviated PKCS), the "12" variant was originally enhanced by Microsoft, and later submitted as RFC 7292. This is a passworded container format that contains both public and private certificate pairs. Unlike .pem files, this container is fully encrypted.

The main point about .p12: it is a fully encrypted, password-protected container.

A quick look at Traefik's certificate.go:

The tls package uses only crypto/tls and crypto/x509:

package tls

import (
    "crypto/tls"
    "crypto/x509"
    ...    
)

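Look at the GitHub issue "crypto/x509: reading certificates from PKCS12 files": there was an attempt to add PKCS12 certificate support to crypto/x509, but in the end it was not implemented.

As mentioned in the comments, the right way is to convert the .p12.

Here is an example of a popular way to do it (thanks to @mulaz):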

openssl pkcs12 -in filename.pfx -nocerts -out filename.key

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out filename.crt 

And from the same source: Tips : Using openssl to extract private key ( .pem file) from .pfx (Personal Information Exchange)

Hope this helps!