tokio-tls: creating server with *.pem certificate
Version
├── tokio-tls v0.2.1
│ ├── futures v0.1.25 (*)
│ ├── native-tls v0.2.2 (*)
│ └── tokio-io v0.1.12 (*)
├── hyper v0.12.25
│ ├── bytes v0.4.12 (*)
│ ├── futures v0.1.25 (*)
│ ├── ...
│ ├── tokio v0.1.17
│ │ ├── bytes v0.4.12 (*)
│ │ ├── futures v0.1.25 (*)
Platform
Windows 10 64-bit
Subcrates
tokio-tls
Description
I'm trying to create a hyper server that uses tokio-tls, but I have *.pem and *-key.pem files instead of a *.p12 archive. How can I achieve this? From what I can see, there's a way of creating a Certificate, but nothing shows me what to do with it after creating it.
Some people are of the view that p12 is deprecated/legacy, is this the case? (https://github.com/FiloSottile/mkcert/pull/58#issuecomment-451782395)
Hello, is there any support for this? I am wondering if I must use tokio_openssl instead.
Thoughts @sfackler @LucioFranco? What are the steps to make progress here?
So I think this comes down to how each system handles TLS. Since native-tls likes to use the TLS offering that is native per OS, it has to support the common types of keys. So this is why it only uses p12.
I would suggest switching to something like rustls or openssl, or using openssl to convert the keys.
https://github.com/sfackler/rust-native-tls/issues/27
Are there any steps that Tokio should take?
@carllerche looks like the issue @sfackler linked is the blocker for us. It might make sense to provide instructions using openssl to convert the keys but I don't really know the cli tool for it that well...
In case it helps someone else who has a pem certificate they want to use with tokio-tls (at least before this gets fixed), I used the below command to convert a self-signed certificate in pem format with its unencrypted key in the same file (named 'cert.pem') to a pkcs12 file:
openssl pkcs12 -export -in cert.pem -out cert.p12
You might also need to add -chain to include the full certificate chain, -CAfile
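
The conversion discussed in this thread, for the case in the original question where the certificate (*.pem) and key (*-key.pem) are separate files. This is an added example, not part of any comment above and not code from the tokio-tls project; the function names and the `P12_PASS` variable name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: bundle a PEM certificate and its PEM private key into a
# PKCS#12 archive, after checking that the two actually belong together.
# Function names and the P12_PASS variable are hypothetical.

# pem_to_p12 CERT KEY OUT PASSWORD
# Returns 0 on success, 2 if the key does not match the certificate.
pem_to_p12() {
    cert=$1; key=$2; out=$3; pass=$4
    # Derive the public key from each file and compare them, so a mismatched
    # pair is rejected here instead of failing later at TLS handshake time.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2
        return 2
    fi
    # The archive contains the private key: create it owner-readable only,
    # and pass the password through the environment, not on the command line.
    ( umask 077
      P12_PASS=$pass openssl pkcs12 -export -in "$cert" -inkey "$key" \
          -out "$out" -passout env:P12_PASS )
}

# p12_fingerprint P12 PASSWORD
# Prints the SHA-256 fingerprint of the leaf certificate inside the archive.
p12_fingerprint() {
    P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# pem_fingerprint CERT
# Prints the SHA-256 fingerprint of a PEM certificate, for comparison.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Usage: sh pem_to_p12.sh cert.pem cert-key.pem cert.p12 PASSWORD
if [ "$#" -eq 4 ]; then
    pem_to_p12 "$@"
fi
```

The resulting archive and its password are what native-tls's `Identity::from_pkcs12` expects; comparing `p12_fingerprint` against `pem_fingerprint` confirms the archive holds the intended certificate.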