How to use custom tls certificate private-key
Describe the goal
Hello, I'm an ordinary user, not a programmer, and I can't understand how to use a custom TLS certificate and private key. Can you elaborate on how to configure the custom TLS certificate and private key?
--tls-certificate <FILE_PATH>
[Optional] Use custom certificate (pem) instead of the default embedded self-signed certificate.
The certificate will be automatically reloaded if it changes
--tls-private-key <FILE_PATH>
[Optional] Use a custom TLS key (pem, ec, rsa) that the server will use instead of the default embedded one
The private key will be automatically reloaded if it changes
--tls-client-ca-certs <FILE_PATH>
[Optional] Enables mTLS (client authentication with certificate). Argument must be a PEM file
containing one or more certificates of the CAs by which the clients' certificates must be signed.
The CA will be automatically reloaded if it changes
Describe what does not work
Cannot be configured
Describe your wstunnel setup
wstunnel server --restrict-http-upgrade-path-prefix "xxxxx" --tls-certificate "/etc/wstunnel/server-cert.pem" --tls-private-key "/etc/wstunnel/server-private-key" --tls-client-ca-certs "/etc/wstunnel/client-cert.pem" wss://0.0.0.0:12345
wstunnel client --restrict-http-upgrade-path-prefix "xxxxx" --tls-certificate "d:\wstunnel\client-cert.pem" --tls-private-key "d:\wstunnel\client-private-key" --tls-client-ca-certs "d:\wstunnel\server-cert.pem" -L socks5://127.0.0.1:1080 https://server-ip:12345
Desktop (please complete the following information):
ubuntu
windows10
Hello,
You only need to specify the certificate and private key on the server side:
wstunnel server --restrict-http-upgrade-path-prefix "xxxxx" --tls-certificate "/etc/wstunnel/server-cert.pem" --tls-private-key "/etc/wstunnel/server-private-key" ....
That's enough to use your own cert. On the client side there is nothing to do; you can use --tls-verify-certificate if you want to be sure the cert is valid.
Sorry, maybe I made a mistake. I want the server and the client to authenticate to each other using the certificate and key, so that the connection cannot be established if the verification fails and only my client can connect to the server. Should I use these commands?
wstunnel server --restrict-http-upgrade-path-prefix "xxxxx" --tls-certificate "/etc/wstunnel/server-cert.pem" --tls-private-key "/etc/wstunnel/server-private-key" --tls-client-ca-certs "/etc/wstunnel/client-cert.pem" wss://0.0.0.0:12345
wstunnel client --restrict-http-upgrade-path-prefix "xxxxx" --tls-private-key "d:\wstunnel\client-private-key" --tls-verify-certificate -L socks5://127.0.0.1:1080 https://server-ip:12345/
Hello, if you want to use mutual TLS authentication, you can follow this guide: https://github.com/erebe/wstunnel/blob/main/docs/using_mtls.md It explains how to set everything up.
./wstunnel server --restrict-http-upgrade-path-prefix "xxxx" --tls-certificate "/abc/11cert.pem" --tls-private-key "/abc/11key.pem" --tls-client-ca-certs "/abc/22cert.pem" wss://0.0.0.0:xxx
thread 'main' panicked at src/main
Cannot load tls certificate: No such file or directory (os error 2)
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
Using this command shows an error that the certificate cannot be loaded. The certificate name and path have been confirmed. I don't know why the certificate can't be loaded.
It seems the file does not exist at location /abc/11cert.pem.
Is something wrong?
openssl req -x509 -newkey rsa:4096 -keyout ca.key.pem -out ca.pem -days 3650 -nodes
openssl req -newkey rsa:4096 -keyout server.key.pem -out server.pem -nodes
openssl x509 -req -in server.pem -CA ca.pem -CAkey ca.key.pem -CAcreateserial -out server.crt.pem -days 3650
wstunnel server --tls-certificate "/xxx/server.crt.pem" --tls-private-key "/xxx/server.key.pem" --tls-client-ca-certs "/xx/ca.pem" wss://0.0.0.0:xxx
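The openssl sequence in the last post stops at the server certificate, and the earlier setup passed the client's own certificate as the CA file. The script below is an added example, not code from the wstunnel project or from anyone in this thread: it builds a private CA, signs one server certificate and one client certificate with it, and then runs the two checks a practitioner wants before starting wstunnel, namely that each leaf certificate chains to ca.pem (the same check the server performs on a connecting client with --tls-client-ca-certs, so a self-signed "rogue" certificate is rejected) and that each private key really belongs to its certificate. The work directory, file names and the 192.0.2.10 server address are assumptions; the server flags are the ones documented above, while the client-side --tls-certificate and --tls-private-key pair is assumed from the asker's own command line and the linked mTLS guide rather than verified here.

```shell
#!/bin/sh
# Added example (not wstunnel project code): private CA + server and client
# certificates for wstunnel mTLS, checked with openssl before use.
# Work directory, file names and SERVER_IP are assumptions for illustration.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SERVER_IP="${SERVER_IP:-192.0.2.10}"   # assumed address the client dials

# Sign a CSR with the CA; $3 is the extendedKeyUsage for the cert's role.
# The server cert also gets a SAN matching the address the client connects to.
sign_with_ca() {
    printf 'extendedKeyUsage=%s\n' "$3" > "$WORKDIR/ext.cnf"
    if [ "$3" = serverAuth ]; then
        printf 'subjectAltName=IP:%s\n' "$SERVER_IP" >> "$WORKDIR/ext.cnf"
    fi
    openssl x509 -req -in "$1" -CA "$WORKDIR/ca.pem" -CAkey "$WORKDIR/ca.key.pem" \
        -CAcreateserial -days 3650 -extfile "$WORKDIR/ext.cnf" -out "$2" 2>/dev/null
}

gen_pki() {
    # CA: self-signed. Its public cert is what --tls-client-ca-certs expects.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=wstunnel demo CA" \
        -keyout "$WORKDIR/ca.key.pem" -out "$WORKDIR/ca.pem" 2>/dev/null
    # Server and client: a CSR each, signed by the CA. Neither is self-signed.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=wstunnel-server" \
        -keyout "$WORKDIR/server.key.pem" -out "$WORKDIR/server.csr.pem" 2>/dev/null
    sign_with_ca "$WORKDIR/server.csr.pem" "$WORKDIR/server.crt.pem" serverAuth
    openssl req -newkey rsa:2048 -nodes -subj "/CN=wstunnel-client" \
        -keyout "$WORKDIR/client.key.pem" -out "$WORKDIR/client.csr.pem" 2>/dev/null
    sign_with_ca "$WORKDIR/client.csr.pem" "$WORKDIR/client.crt.pem" clientAuth
    # Rogue: a self-signed cert that never touched the CA. It stands in for an
    # unauthorised client and must fail the chain check.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=rogue" \
        -keyout "$WORKDIR/rogue.key.pem" -out "$WORKDIR/rogue.pem" 2>/dev/null
}

# Chain check: does the CA handed to --tls-client-ca-certs vouch for this cert?
verify_leaf() {
    openssl verify -CAfile "$WORKDIR/ca.pem" "$WORKDIR/$1" >/dev/null 2>&1
}

# Key/cert pairing check: the public key inside the cert must equal the one
# derived from the private key. Catches a cert passed where a key belongs, or
# key and cert taken from different generation runs.
key_matches_cert() {
    k=$(openssl pkey -in "$WORKDIR/$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$WORKDIR/$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Server flags as documented in the thread. Client-side cert/key flags are an
# assumption taken from the asker's command line, not verified here.
print_wstunnel_commands() {
    cat <<EOF
wstunnel server --tls-certificate $WORKDIR/server.crt.pem --tls-private-key $WORKDIR/server.key.pem --tls-client-ca-certs $WORKDIR/ca.pem wss://0.0.0.0:12345
wstunnel client --tls-certificate $WORKDIR/client.crt.pem --tls-private-key $WORKDIR/client.key.pem -L socks5://127.0.0.1:1080 wss://$SERVER_IP:12345
EOF
}

gen_pki
for f in server.crt.pem client.crt.pem; do
    verify_leaf "$f" && echo "ok: $f chains to ca.pem"
done
verify_leaf rogue.pem || echo "rejected: rogue.pem is not signed by ca.pem"
key_matches_cert server.key.pem server.crt.pem && echo "ok: server key matches server cert"
key_matches_cert client.key.pem client.crt.pem && echo "ok: client key matches client cert"
print_wstunnel_commands
```

Note that the file given to --tls-client-ca-certs is the CA certificate (ca.pem), not the client's leaf certificate; a client presenting any certificate signed by that CA is accepted, and one that is not (rogue.pem here) is refused at the TLS handshake.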