2

我正在尝试在我的网站中使用 SpeechRecognition/webkitSpeechRecognition,因此需要使用 https 在 django 中运行开发服务器。

我已采取以下步骤:

  • runserver_plus从安装和配置django-extensions

  • 将由此生成的证书添加到我在 ubuntu 中的 cas 中。

    # run server
python3 manage.py runserver_plus --cert-file certs/localhost --reloader-interval 2 0.0.0.0:8000

    然后

    # to copy certificates:
sudo mkdir /usr/share/ca-certificates/extra
sudo cp certs/localhost.crt /usr/share/ca-certificates/extra/localhost.crt
sudo chmod -R 755 /usr/share/ca-certificates/extra/ 
sudo chmod 644 /usr/share/ca-certificates/extra/localhost.crt 
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates

    然后我重新启动一切以确保更改已被计算,但该网站仍然不受信任https://127.0.0.1:8000并且https://localhost:8000

我究竟做错了什么?

笔记:

awk -v cmd='openssl x509 -noout -subject' '
    /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

# gives:
...
subject=CN = localhost
subject=CN = *.localhost/CN=localhost, O = Dummy Certificate

这是我的 chrome 证书 invlaid 截图:

铬截图

注意二:我在 Firefox 中也有同样的问题

注三:

我已Allow invalid certificates for resources loaded from localhost.通过将以下内容复制到浏览器中并选择启用来启用:

chrome://flags/#allow-insecure-localhost

在此处输入图像描述

4

1 回答 1

0

这不是一个快速解决方案。我将在此处概述我为解决此问题而采取的步骤。作为参考,我正在使用:

  • Django 2.2.1
  • Ubuntu 18.04.02
  • 谷歌浏览器 75.0.3770.142

我的解决方案深受这篇文章的影响。

# in /System/Library/OpenSSL/openssl.cnf
# comment
# RANDFILE      = $ENV::HOME/.rnd

# uncomment
req_extensions = v3_req

# your domain can be whatever for a local dev server, i chose company.dev
[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = company.dev
DNS.2 = *.company.dev

[ v3_ca ]
# update
basicConstraints = critical, CA:TRUE, pathlen:3
# uncomment
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA


# in your project root, make a dir for certs:
mkdir certs

# Create CA certificate
openssl genrsa -aes256 -out certs/ca.key.pem 2048

# gen key
openssl req -new -x509 -subj "/CN=companydev" -extensions v3_ca -days 3650 -key certs/ca.key.pem -sha256 -out certs/ca.pem -config /usr/lib/ssl/openssl.cnf

# Create Server certificate signed by CA
openssl genrsa -out certs/local.key.pem 2048

openssl req -subj "/CN=local" -extensions v3_req -sha256 -new -key certs/local.key.pem -out certs/local.csr

openssl x509 -req -extensions v3_req -days 3650 -sha256 -in certs/local.csr -CA certs/ca.pem -CAkey certs/ca.key.pem -CAcreateserial -out certs/local.crt -extfile /usr/lib/ssl/openssl.cnf

cat certs/local.crt certs/local.key.pem > certs/local-ca-full.pem

# move certificate to ca certs
sudo cp certs/local.crt /usr/share/ca-certificates/extra/local.crt
sudo chmod -R 755 /usr/share/ca-certificates/extra/ 
sudo chmod 644 /usr/share/ca-certificates/extra/local.crt
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates

# update /etc/hosts
127.0.0.1       localhost local.company.dev

向 chrome 添加证书:

  • 前往设置
  • 搜索 HTTPS/SSL
  • 转到权限选项卡
  • 导入证书/ca.pem
# Finally run server with
python3 manage.py runserver_plus --cert-file certs/local.crt --key-file certs/local.key.pem --reloader-interval 2 0.0.0.0:8000

打开你的浏览器,https://local.company.dev:8000/喝一杯当之无愧的咖啡

如果我错过了什么,请不要犹豫发表评论,我会更新答案

于 2019-08-22T15:12:08.730 回答