telegram-crawler/data/corefork.telegram.org/bots/self-signed.html
2021-12-09 12:14:59 +00:00

161 lines
8.7 KiB
HTML

<!DOCTYPE html>
<html class="">
<head>
<meta charset="utf-8">
<title>Using self-signed certificates</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta property="description" content="Upload your certificate using the certificate parameter in the setWebhook method. The certificate supplied should be PEM…">
<meta property="og:title" content="Using self-signed certificates">
<meta property="og:image" content="">
<meta property="og:description" content="Upload your certificate using the certificate parameter in the setWebhook method. The certificate supplied should be PEM…">
<link rel="shortcut icon" href="/favicon.ico?4" type="image/x-icon" />
<link href="/css/bootstrap.min.css?3" rel="stylesheet">
<link href="/css/telegram.css?215" rel="stylesheet" media="screen">
<style>
</style>
</head>
<body class="preload">
<div class="dev_page_wrap">
<div class="dev_page_head navbar navbar-static-top navbar-tg">
<div class="navbar-inner">
<div class="container clearfix">
<ul class="nav navbar-nav navbar-right hidden-xs"><li class="navbar-twitter"><a href="https://twitter.com/telegram" target="_blank" data-track="Follow/Twitter" onclick="trackDlClick(this, event)"><i class="icon icon-twitter"></i><span> Twitter</span></a></li></ul>
<ul class="nav navbar-nav">
<li><a href="//telegram.org/">Home</a></li>
<li class="hidden-xs"><a href="//telegram.org/faq">FAQ</a></li>
<li class="hidden-xs"><a href="//telegram.org/apps">Apps</a></li>
<li class=""><a href="/api">API</a></li>
<li class=""><a href="/mtproto">Protocol</a></li>
<li class=""><a href="/schema">Schema</a></li>
</ul>
</div>
</div>
</div>
<div class="container clearfix">
<div class="dev_page">
<div id="dev_page_content_wrap" class=" ">
<div class="dev_page_bread_crumbs"><ul class="breadcrumb clearfix"><li><a href="/bots" >Telegram Bots</a></li><i class="icon icon-breadcrumb-divider"></i><li><a href="/bots/faq" >FAQ</a></li><i class="icon icon-breadcrumb-divider"></i><li><a href="/bots/self-signed" >Using self-signed certificates</a></li></ul></div>
<h1 id="dev_page_title">Using self-signed certificates</h1>
<div id="dev_page_content"><p>Upload your certificate using the <em>certificate</em> parameter in the <a href="/bots/api#setwebhook">setWebhook</a> method. The certificate supplied should be <strong>PEM encoded</strong> (ASCII BASE64), the pem file should only contain the <strong>public key</strong> (including BEGIN and END portions). When converting from a bundle format, please split the file to only include the public key.</p>
<h3><a class="anchor" name="generating-a-self-signed-certificate-pair-pem" href="#generating-a-self-signed-certificate-pair-pem"><i class="anchor-icon"></i></a>Generating a self-signed certificate pair (PEM):</h3>
<h4><a class="anchor" name="openssl" href="#openssl"><i class="anchor-icon"></i></a>Openssl</h4>
<blockquote>
<p>Windows binaries for Openssl are available online</p>
</blockquote>
<p><code>openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj &quot;/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE&quot;</code></p>
<p>YOURPUBLIC.pem has to be used as input for setting the self-signed webhook.</p>
<p>You can inspect the generated certificate with:<br><code>openssl x509 -text -noout -in YOURPUBLIC.pem</code></p>
<p>Converting from a previously generated DER:<br><code>openssl x509 -inform der -in YOURDER.der -out YOURPEM.pem</code></p>
<p>Converting from a previously generated PKCS12:<br><code>openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem</code></p>
<blockquote>
<p>More information: https://www.openssl.org/</p>
</blockquote>
<h4><a class="anchor" name="java-keystore" href="#java-keystore"><i class="anchor-icon"></i></a>Java keystore</h4>
<p>Generate self-signed JKS:<br><code>keytool -genkey -keyalg RSA -alias YOURDOMAIN.EXAMPLE -keystore YOURJKS.jks -storepass YOURPASSWORD -validity 360 -keysize 2048</code></p>
<p>Converting JKS to pkcs12 (intermediate step for conversion to PEM):<br><code>keytool -importkeystore -srckeystore YOURJKS.jks -destkeystore YOURPKCS.p12 -srcstoretype jks -deststoretype pkcs12</code></p>
<p>Convert PKCS12 to PEM (requires openssl):<br><code>openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem</code></p>
<blockquote>
<p>More information: https://docs.oracle.com</p>
</blockquote>
<h4><a class="anchor" name="windows" href="#windows"><i class="anchor-icon"></i></a>Windows</h4>
<p>Creating a self-signed certificate using Windows native utilities is also possible, although OpenSSL binaries for Windows are available online.</p>
<p>On the commandline:<br><code>certreq -new TEMPLATE.txt RequestFileOut</code></p>
<p>TEMPLATE.txt example file:</p>
<pre><code>[NewRequest]
; At least one value must be set in this section
Subject = &quot;CN=DOMAIN.EXAMPLE&quot;
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
;MachineKeySet = true
RequestType = Cert
UseExistingKeySet=false ;generates a new private key (for export)
Exportable = true ;makes the private key exportable with the PFX</code></pre>
<p>A self-signed certificate will be generated and installed, to view the certificate:<br><code>certutil -store -user my</code></p>
<p>To export in DER format (intermediate step for conversion to PEM)<br><code>certutil -user -store -split my SERIALNUMBER YOURDER.crt</code></p>
<p>Converting to PEM (used for setting the webhook)<br><code>certutil -encode YOURDER.crt YOURPEM.cer</code></p>
<p>To delete a certificate from your store:<br><code>certutil -delstore -user my SERIALNUMBER</code> (from view)</p>
<p>To export in PFX(PKCS12) format<br><code>certutil -exportpfx -user YOURDOMAIN.EXAMPLE YOURPKCS.pfx NoChain</code></p>
<blockquote>
<p>More information: https://technet.microsoft.com</p>
</blockquote>
<p>Converting YOURPKCS.pfx to PEM including the private key is best done with OpenSSL:<br><code>openssl pkcs12 -in YOURPKCS.pfx -out YOURPEM.cer</code></p>
<p>Remember that only the public key is needed as input for the self-signed webhook certificate parameter. certmgr.msc can also be used as a GUI to export the public part of self-signed certificates to PEM.</p>
</div>
</div>
</div>
</div>
<div class="footer_wrap">
<div class="footer_columns_wrap footer_desktop">
<div class="footer_column footer_column_telegram">
<h5>Telegram</h5>
<div class="footer_telegram_description"></div>
Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.
</div>
<div class="footer_column">
<h5><a href="//telegram.org/faq">About</a></h5>
<ul>
<li><a href="//telegram.org/faq">FAQ</a></li>
<li><a href="//telegram.org/blog">Blog</a></li>
<li><a href="//telegram.org/jobs">Jobs</a></li>
</ul>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/apps#mobile-apps">Mobile Apps</a></h5>
<ul>
<li><a href="//telegram.org/dl/ios">iPhone/iPad</a></li>
<li><a href="//telegram.org/dl/android">Android</a></li>
<li><a href="//telegram.org/dl/wp">Windows Phone</a></li>
</ul>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/apps#desktop-apps">Desktop Apps</a></h5>
<ul>
<li><a href="//desktop.telegram.org/">PC/Mac/Linux</a></li>
<li><a href="//macos.telegram.org/">macOS</a></li>
<li><a href="//telegram.org/dl/web">Web-browser</a></li>
</ul>
</div>
<div class="footer_column footer_column_platform">
<h5><a href="//core.telegram.org/">Platform</a></h5>
<ul>
<li><a href="//core.telegram.org/api">API</a></li>
<li><a href="//translations.telegram.org/">Translations</a></li>
<li><a href="//instantview.telegram.org/">Instant View</a></li>
</ul>
</div>
</div>
<div class="footer_columns_wrap footer_mobile">
<div class="footer_column">
<h5><a href="//telegram.org/faq">About</a></h5>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/blog">Blog</a></h5>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/apps">Apps</a></h5>
</div>
<div class="footer_column">
<h5><a href="//core.telegram.org/">Platform</a></h5>
</div>
<div class="footer_column">
<h5><a href="https://twitter.com/telegram" target="_blank" data-track="Follow/Twitter" onclick="trackDlClick(this, event)">Twitter</a></h5>
</div>
</div>
</div>
</div>
<script src="/js/main.js?42"></script>
<script>backToTopInit("Go up");
removePreloadInit();
</script>
</body>
</html>