Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
790 views
in Technique[技术] by (71.8m points)

ssl - What is easy way to create and use a Self-Signed Certification for a Telegram Webhook?

System info:

Server Win Server 2012
Web Server: IIS 8.5
Project platform: ASP.NET MVC
Webhook Path: https://webhook.MYDOMAIN.com/api/webhookaction

// I use my domain name instead of MYDOMAIN

I used the following way to create a Self-Signed Certification to use for a Telegram Webhook but finally telegram return SSL error to me, do you know an easier way to success?


A) I Created a Self Signed Certificate by the following OpenSSL command instead of the Wildcard SSL

openssl req -newkey rsa:2048 -sha256 -nodes -keyout MyDomain_private_key.key -x509 -days 365 -out MyDomain_public.pem -subj "/C=US/ST=New York/L=MyDomain/O=MyDomain/CN=webhook.MyDomain.com"

B) Then i created a PFX from the output files by this command:

openssl pkcs12 -export -out MyDomain.pfx -inkey MyDomain_private.key -in MyDomain_public.pem -certfile MyDomain_public.pem

C) Then i installed the MyDomain.pfx on the server and bind it to the Https://webhook.mydomain.com.

enter image description here

D) Also i used the MyDomain_public.pem file in the SetWebhook command as the certification file (with both a third library and Curl command).

The Curl command:

curl -F "url=https://webhook.MyDomain.com/api/Webhookaction/" -F "certificate=C:pathmydomain_public.pem" https://api.telegram.org/bot[TOKEN]/setWebhook

But when i call GetWebhookInfo API command, it return this error:

{  
   "ok":true,
   "result":{  
      "url":"https://api.telegram.org/bot[token]/setWebhook?url=https://webhook.mydomain.com/api/webhookaction/",
      "has_custom_certificate":true,
      "pending_update_count":1,
      "last_error_date":1489126755,
      "last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}",
      "max_connections":40
   }
}
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I use this quick and easy method of setting up self-signed webhooks for Telegram (on Windows, but it should work for other OS too)

  1. create your certificates using openSSL

    openssl req -newkey rsa:2048 -sha256 -nodes -keyout PRIVATE.key -x509 -days 365 -out PUBLIC.pem -subj "/C=NG/ST=Lagos/L=Lagos/O=YOUR_NAME_OR_COMPANY_NAME/CN=SERVER_NAME_OR_IP"

  2. Next setup the webhook on telegram using this easy method:

How to set Telegram bot webhook? you should get a result like this:

{"ok":true,"result":true,"description":"Webhook was set"}
  1. check that the webhook is properly setup on Telegram: https://api.telegram.org/bot[token]/getWebhookinfo

{ ok: true, result: { url: "[SERVER_NAME_OR_IP]:[PORT]/[YOUR_BOT_TOKEN]", has_custom_certificate: true, pending_update_count: 0, max_connections: 30 } }

  1. you can test your ssl setup here and here

  2. I personally don't use IIS for my bots. I use a very light weight web-server (elli) as part of my bot server built in Elixir, the certificate setup for that server is as simple as pointing to the path of the public and private keys in a config file.

  3. For IIS this will direct you


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...