tokio-tls: creating server with *.pem certificate #18

Open
nevi-me opened this issue Mar 22, 2019 · 7 comments

@nevi-me

nevi-me commented Mar 22, 2019

Version

├── tokio-tls v0.2.1
│   ├── futures v0.1.25 (*)
│   ├── native-tls v0.2.2 (*)
│   └── tokio-io v0.1.12 (*)

├── hyper v0.12.25
│   ├── bytes v0.4.12 (*)
│   ├── futures v0.1.25 (*)
│   ├── ...
│   ├── tokio v0.1.17
│   │   ├── bytes v0.4.12 (*)
│   │   ├── futures v0.1.25 (*)

Platform

Windows 10 64-bit

Subcrates

tokio-tls

Description

I'm trying to create a hyper server that uses tokio-tls, but I have *.pem and *-key.pem files instead of a *.p12 archive. How can I achieve this? From what I can see, there's a way of creating a Certificate, but nothing shows me what to do with it after creating it.

Some people are of the view that p12 is deprecated/legacy. Is this the case? (FiloSottile/mkcert#58 (comment))

@seguidor777

Hello,
Is there any support for this?
I am wondering if I must use tokio_openssl instead

@carllerche
Member

Thoughts @sfackler @LucioFranco? What are the steps to make progress here?

@LucioFranco
Member

So I think this comes down to how each system handles TLS. Since native-tls likes to use the TLS offering that is native per OS, it has to support the common types of keys. So this is why it only uses p12.

I would suggest switching to something like rustls or openssl or use openssl to convert the keys.

@sfackler

@carllerche
Member

Are there any steps that Tokio should take?

@LucioFranco
Member

@carllerche looks like the issue @sfackler linked is the blocker for us. It might make sense to provide instructions using openssl to convert the keys but I don't really know the cli tool for it that well...

@Oliver2213

In case it helps someone else who has a pem certificate they want to use with tokio-tls (at least before this gets fixed), I used the below command to convert a self-signed certificate in pem format with its unencrypted key in the same file (named 'cert.pem') to a pkcs12 file:

openssl pkcs12 -export -in cert.pem -out cert.p12

You might also need to add -chain to include the full certificate chain, -CAfile if you need to add CAs, or -inkey if your cert's private key is in its own file.
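
The conversion discussed in this thread, for the case in the original question where the certificate and key are in separate PEM files, as an added example that is not part of any comment above or of the project's code. The function names, file names and the `P12_PASS` variable are assumptions; the script checks that the key belongs to the certificate, keeps the passphrase out of the command line, and confirms the archive holds the expected certificate.

```shell
#!/bin/sh
# Added example: bundle a PEM certificate and a separate PEM key into PKCS#12.
# File names and the P12_PASS variable are assumptions, not from the thread.

# pem_to_p12 CERT KEY OUT
# The archive passphrase is read from $P12_PASS so it never appears in argv.
pem_to_p12() {
    cert=$1; key=$2; out=$3
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS must be set" >&2; return 2; }
    # Refuse to bundle a key that does not belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }
    # umask 077 in a subshell: the archive holds the private key, keep it 0600.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -out "$out" \
          -passout env:P12_PASS )
}

# SHA-256 fingerprint of a PEM certificate file.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the leaf certificate stored inside a PKCS#12 archive.
p12_fingerprint() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Demo on a constructed, throwaway self-signed certificate (not a real one).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/site-key.pem" -out "$dir/site.pem" 2>/dev/null || return 1
    P12_PASS=constructed-demo-passphrase; export P12_PASS
    pem_to_p12 "$dir/site.pem" "$dir/site-key.pem" "$dir/site.p12" || return 1
    [ "$(pem_fingerprint "$dir/site.pem")" = "$(p12_fingerprint "$dir/site.p12")" ]
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "archive contains the expected certificate"
```

The resulting `.p12` bytes and the same passphrase are what native-tls's `Identity::from_pkcs12` expects.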

@LucioFranco LucioFranco transferred this issue from tokio-rs/tokio Jul 24, 2020