ssl - What is easy way to create and use a Self-Signed Certification for a Telegram Webhook?

Question

System info:

Server Win Server 2012
Web Server: IIS 8.5
Project platform: ASP.NET MVC
Webhook Path: https://webhook.MYDOMAIN.com/api/webhookaction

// I use my domain name instead of MYDOMAIN

I used the following way to create a Self-Signed Certification to use for a Telegram Webhook but finally telegram return SSL error to me, do you know an easier way to success?

---

A) I Created a Self Signed Certificate by the following OpenSSL command instead of the Wildcard SSL

openssl req -newkey rsa:2048 -sha256 -nodes -keyout MyDomain_private_key.key -x509 -days 365 -out MyDomain_public.pem -subj "/C=US/ST=New York/L=MyDomain/O=MyDomain/CN=webhook.MyDomain.com"

B) Then i created a PFX from the output files by this command:

openssl pkcs12 -export -out MyDomain.pfx -inkey MyDomain_private.key -in MyDomain_public.pem -certfile MyDomain_public.pem

C) Then i installed the MyDomain.pfx on the server and bind it to the Https://webhook.mydomain.com.

D) Also i used the MyDomain_public.pem file in the SetWebhook command as the certification file (with both a third library and Curl command).

The Curl command:

curl -F "url=https://webhook.MyDomain.com/api/Webhookaction/" -F "certificate=C:pathmydomain_public.pem" https://api.telegram.org/bot[TOKEN]/setWebhook

But when i call GetWebhookInfo API command, it return this error:

{  
   "ok":true,
   "result":{  
      "url":"https://api.telegram.org/bot[token]/setWebhook?url=https://webhook.mydomain.com/api/webhookaction/",
      "has_custom_certificate":true,
      "pending_update_count":1,
      "last_error_date":1489126755,
      "last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}",
      "max_connections":40
   }
}

Answer 1

I use this quick and easy method of setting up self-signed webhooks for Telegram (on Windows, but it should work for other OS too)

1. create your certificates using openSSL

   openssl req -newkey rsa:2048 -sha256 -nodes -keyout PRIVATE.key -x509 -days 365 -out PUBLIC.pem -subj "/C=NG/ST=Lagos/L=Lagos/O=YOUR_NAME_OR_COMPANY_NAME/CN=SERVER_NAME_OR_IP"

2. Next setup the webhook on telegram using this easy method:

How to set Telegram bot webhook? you should get a result like this:

{"ok":true,"result":true,"description":"Webhook was set"}

3. check that the webhook is properly setup on Telegram: https://api.telegram.org/bot[token]/getWebhookinfo

{ ok: true, result: { url: "[SERVER_NAME_OR_IP]:[PORT]/[YOUR_BOT_TOKEN]", has_custom_certificate: true, pending_update_count: 0, max_connections: 30 } }

4. you can test your ssl setup here and here

5. I personally don't use IIS for my bots. I use a very light weight web-server (elli) as part of my bot server built in Elixir, the certificate setup for that server is as simple as pointing to the path of the public and private keys in a config file.

6. For IIS this will direct you