-
Notifications
You must be signed in to change notification settings - Fork 229
Using self signed certificates
Upload your certificate using the certificate parameter in the setWebhook method. The certificate supplied should be PEM encoded (ASCII BASE64), the pem file should only contain the public key (including BEGIN and END portions). When converting from a bundle format, please split the file to only include the public key.
openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
the YOURPUBLIC.pem has to used as input for setting the self-signed webhook.
openssl x509 -text -noout -in YOURPUBLIC.pem
openssl x509 -inform der -in YOURDER.der -out YOURPEM.pem
openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem
## Using Java keystore for your bot?:
keytool -genkey -keyalg RSA -alias YOURDOMAIN.EXAMPLE -keystore YOURJKS.jks -storepass YOURPASSWORD -validity 360 -keysize 2048
keytool -importkeystore -srckeystore YOURJKS.jks -destkeystore YOURPKCS.p12 -srcstoretype jks -deststoretype pkcs12
openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem
Creating a self-signed certificate using Windows native utilities is also possible, although OpenSSL binaries for Windows are available online.
on the commandline:
certreq -new TEMPLATE.txt RequestFileOut
TEMPLATE.txt example file:
[NewRequest]
; At least one value must be set in this section
Subject = "CN=DOMAIN.EXAMPLE"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
;MachineKeySet = true
RequestType = Cert
UseExistingKeySet=false ;generates a new private key (for export)
Exportable = true ;makes the private key exportable with the PFX
A self-signed certificate will be generated and installed, to view the certificate:
certutil -store -user my
To export in DER format (intermediate step for conversion to PEM)
certutil -user -store -split my SERIALNUMBER YOURDER.crt
converting to PEM (used for setting the webhook)
certutil -encode YOURDER.crt YOURPEM.cer
To delete a certificate from your store:
certutil -delstore -user my SERIALNUMBER (from view)
To export in PFX(PKCS12) format
certutil -exportpfx -user YOURDOMAIN.EXAMPLE YOURPKCS.pfx NoChain
converting YOURPKCS.pfx to PEM including the private key is best done with OpenSSL:
openssl pkcs12 -in YOURPKCS.pfx -out YOURPEM.cer
Remember that only the public key is needed as input for the self-signed webhook certificate parameter. certmgr.msc can also be used as a GUI to export the public part of self-signed certificates to PEM.
TelegramBots wiki