2022-02-24 19:51:11 +01:00
<!DOCTYPE html>
< html class = "" >
< head >
< meta charset = "utf-8" >
< title > Using self-signed certificates< / title >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta property = "description" content = "Upload your certificate using the certificate parameter in the setWebhook method. The certificate supplied should be PEM…" >
< meta property = "og:title" content = "Using self-signed certificates" >
< meta property = "og:image" content = "" >
< meta property = "og:description" content = "Upload your certificate using the certificate parameter in the setWebhook method. The certificate supplied should be PEM…" >
2022-04-21 15:52:36 +02:00
< link rel = "icon" type = "image/svg+xml" href = "/img/website_icon.svg?4" >
< link rel = "apple-touch-icon" sizes = "180x180" href = "/img/apple-touch-icon.png" >
< link rel = "icon" type = "image/png" sizes = "32x32" href = "/img/favicon-32x32.png" >
< link rel = "icon" type = "image/png" sizes = "16x16" href = "/img/favicon-16x16.png" >
< link rel = "alternate icon" href = "/img/favicon.ico" type = "image/x-icon" / >
2022-02-24 19:51:11 +01:00
< link href = "/css/bootstrap.min.css?3" rel = "stylesheet" >
2022-05-02 10:38:19 +02:00
< link href = "/css/telegram.css?229" rel = "stylesheet" media = "screen" >
2022-02-24 19:51:11 +01:00
< style >
< / style >
< / head >
< body class = "preload" >
< div class = "dev_page_wrap" >
< div class = "dev_page_head navbar navbar-static-top navbar-tg" >
< div class = "navbar-inner" >
< div class = "container clearfix" >
< ul class = "nav navbar-nav navbar-right hidden-xs" > < li class = "navbar-twitter" > < a href = "https://twitter.com/telegram" target = "_blank" data-track = "Follow/Twitter" onclick = "trackDlClick(this, event)" > < i class = "icon icon-twitter" > < / i > < span > Twitter< / span > < / a > < / li > < / ul >
< ul class = "nav navbar-nav" >
< li > < a href = "//telegram.org/" > Home< / a > < / li >
< li class = "hidden-xs" > < a href = "//telegram.org/faq" > FAQ< / a > < / li >
< li class = "hidden-xs" > < a href = "//telegram.org/apps" > Apps< / a > < / li >
< li class = "" > < a href = "/api" > API< / a > < / li >
< li class = "" > < a href = "/mtproto" > Protocol< / a > < / li >
< li class = "" > < a href = "/schema" > Schema< / a > < / li >
< / ul >
< / div >
< / div >
< / div >
< div class = "container clearfix" >
< div class = "dev_page" >
< div id = "dev_page_content_wrap" class = " " >
< div class = "dev_page_bread_crumbs" > < ul class = "breadcrumb clearfix" > < li > < a href = "/bots" > Telegram Bots< / a > < / li > < i class = "icon icon-breadcrumb-divider" > < / i > < li > < a href = "/bots/faq" > FAQ< / a > < / li > < i class = "icon icon-breadcrumb-divider" > < / i > < li > < a href = "/bots/self-signed" > Using self-signed certificates< / a > < / li > < / ul > < / div >
< h1 id = "dev_page_title" > Using self-signed certificates< / h1 >
< div id = "dev_page_content" > < p > Upload your certificate using the < em > certificate< / em > parameter in the < a href = "/bots/api#setwebhook" > setWebhook< / a > method. The certificate supplied should be < strong > PEM encoded< / strong > (ASCII BASE64), the pem file should only contain the < strong > public key< / strong > (including BEGIN and END portions). When converting from a bundle format, please split the file to only include the public key.< / p >
< h3 > < a class = "anchor" name = "generating-a-self-signed-certificate-pair-pem" href = "#generating-a-self-signed-certificate-pair-pem" > < i class = "anchor-icon" > < / i > < / a > Generating a self-signed certificate pair (PEM):< / h3 >
< h4 > < a class = "anchor" name = "openssl" href = "#openssl" > < i class = "anchor-icon" > < / i > < / a > Openssl< / h4 >
< blockquote >
< p > Windows binaries for Openssl are available online< / p >
< / blockquote >
< p > < code > openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj " /C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE" < / code > < / p >
< p > YOURPUBLIC.pem has to be used as input for setting the self-signed webhook.< / p >
< p > You can inspect the generated certificate with:< br > < code > openssl x509 -text -noout -in YOURPUBLIC.pem< / code > < / p >
< p > Converting from a previously generated DER:< br > < code > openssl x509 -inform der -in YOURDER.der -out YOURPEM.pem< / code > < / p >
< p > Converting from a previously generated PKCS12:< br > < code > openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem< / code > < / p >
< blockquote >
< p > More information: https://www.openssl.org/< / p >
< / blockquote >
< h4 > < a class = "anchor" name = "java-keystore" href = "#java-keystore" > < i class = "anchor-icon" > < / i > < / a > Java keystore< / h4 >
< p > Generate self-signed JKS:< br > < code > keytool -genkey -keyalg RSA -alias YOURDOMAIN.EXAMPLE -keystore YOURJKS.jks -storepass YOURPASSWORD -validity 360 -keysize 2048< / code > < / p >
< p > Converting JKS to pkcs12 (intermediate step for conversion to PEM):< br > < code > keytool -importkeystore -srckeystore YOURJKS.jks -destkeystore YOURPKCS.p12 -srcstoretype jks -deststoretype pkcs12< / code > < / p >
< p > Convert PKCS12 to PEM (requires openssl):< br > < code > openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem< / code > < / p >
< blockquote >
< p > More information: https://docs.oracle.com< / p >
< / blockquote >
< h4 > < a class = "anchor" name = "windows" href = "#windows" > < i class = "anchor-icon" > < / i > < / a > Windows< / h4 >
< p > Creating a self-signed certificate using Windows native utilities is also possible, although OpenSSL binaries for Windows are available online.< / p >
< p > On the commandline:< br > < code > certreq -new TEMPLATE.txt RequestFileOut< / code > < / p >
< p > TEMPLATE.txt example file:< / p >
< pre > < code > [NewRequest]
; At least one value must be set in this section
Subject = " CN=DOMAIN.EXAMPLE"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
;MachineKeySet = true
RequestType = Cert
UseExistingKeySet=false ;generates a new private key (for export)
Exportable = true ;makes the private key exportable with the PFX< / code > < / pre >
< p > A self-signed certificate will be generated and installed, to view the certificate:< br > < code > certutil -store -user my< / code > < / p >
< p > To export in DER format (intermediate step for conversion to PEM)< br > < code > certutil -user -store -split my SERIALNUMBER YOURDER.crt< / code > < / p >
< p > Converting to PEM (used for setting the webhook)< br > < code > certutil -encode YOURDER.crt YOURPEM.cer< / code > < / p >
< p > To delete a certificate from your store:< br > < code > certutil -delstore -user my SERIALNUMBER< / code > (from view)< / p >
< p > To export in PFX(PKCS12) format< br > < code > certutil -exportpfx -user YOURDOMAIN.EXAMPLE YOURPKCS.pfx NoChain< / code > < / p >
< blockquote >
< p > More information: https://technet.microsoft.com< / p >
< / blockquote >
< p > Converting YOURPKCS.pfx to PEM including the private key is best done with OpenSSL:< br > < code > openssl pkcs12 -in YOURPKCS.pfx -out YOURPEM.cer< / code > < / p >
< p > Remember that only the public key is needed as input for the self-signed webhook certificate parameter. certmgr.msc can also be used as a GUI to export the public part of self-signed certificates to PEM.< / p >
< / div >
< / div >
< / div >
< / div >
< div class = "footer_wrap" >
< div class = "footer_columns_wrap footer_desktop" >
< div class = "footer_column footer_column_telegram" >
< h5 > Telegram< / h5 >
< div class = "footer_telegram_description" > < / div >
Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.
< / div >
< div class = "footer_column" >
< h5 > < a href = "//telegram.org/faq" > About< / a > < / h5 >
< ul >
< li > < a href = "//telegram.org/faq" > FAQ< / a > < / li >
< li > < a href = "//telegram.org/blog" > Blog< / a > < / li >
< li > < a href = "//telegram.org/jobs" > Jobs< / a > < / li >
< / ul >
< / div >
< div class = "footer_column" >
< h5 > < a href = "//telegram.org/apps#mobile-apps" > Mobile Apps< / a > < / h5 >
< ul >
< li > < a href = "//telegram.org/dl/ios" > iPhone/iPad< / a > < / li >
< li > < a href = "//telegram.org/dl/android" > Android< / a > < / li >
< li > < a href = "//telegram.org/dl/wp" > Windows Phone< / a > < / li >
< / ul >
< / div >
< div class = "footer_column" >
< h5 > < a href = "//telegram.org/apps#desktop-apps" > Desktop Apps< / a > < / h5 >
< ul >
< li > < a href = "//desktop.telegram.org/" > PC/Mac/Linux< / a > < / li >
< li > < a href = "//macos.telegram.org/" > macOS< / a > < / li >
< li > < a href = "//telegram.org/dl/web" > Web-browser< / a > < / li >
< / ul >
< / div >
< div class = "footer_column footer_column_platform" >
< h5 > < a href = "/" > Platform< / a > < / h5 >
< ul >
< li > < a href = "/api" > API< / a > < / li >
< li > < a href = "//translations.telegram.org/" > Translations< / a > < / li >
< li > < a href = "//instantview.telegram.org/" > Instant View< / a > < / li >
< / ul >
< / div >
< / div >
< div class = "footer_columns_wrap footer_mobile" >
< div class = "footer_column" >
< h5 > < a href = "//telegram.org/faq" > About< / a > < / h5 >
< / div >
< div class = "footer_column" >
< h5 > < a href = "//telegram.org/blog" > Blog< / a > < / h5 >
< / div >
< div class = "footer_column" >
< h5 > < a href = "//telegram.org/apps" > Apps< / a > < / h5 >
< / div >
< div class = "footer_column" >
< h5 > < a href = "/" > Platform< / a > < / h5 >
< / div >
< div class = "footer_column" >
< h5 > < a href = "https://twitter.com/telegram" target = "_blank" data-track = "Follow/Twitter" onclick = "trackDlClick(this, event)" > Twitter< / a > < / h5 >
< / div >
< / div >
< / div >
< / div >
2022-04-19 13:29:30 +02:00
< script src = "/js/main.js?46" > < / script >
2022-02-24 19:51:11 +01:00
< script > b a c k T o T o p I n i t ( " G o u p " ) ;
removePreloadInit();
< / script >
< / body >
< / html >