mirrors/doh-server
1
0
Fork 0
mirror of https://github.com/DNSCrypt/doh-server.git synced 2025-04-03 04:57:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Add the command to convert SEC1 to PKCS8

Browse source
This commit is contained in:
Frank Denis 2021-03-06 21:14:04 +01:00
parent 623328d37f
commit ecacd6eca9
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -67,7 +67,13 @@ If `doh-proxy` and the HTTP/2 front-end run on the same host, using the HTTP pro
If both are on distinct networks, such as when using a CDN, `doh-proxy` can handle HTTPS requests, provided that it was compiled with the `tls` feature.
The certificates and private keys must use RSA and have to be encoded in PEM format. They can be stored in the same file.
The certificates and private keys must be encoded in PEM/PKCS#8 format. They can be stored in the same file.
If your ECDSA private keys start with `-----BEGIN EC PRIVATE KEY-----` and not `-----BEGIN PRIVATE KEY-----`, convert them to PKCS#8 with:
```sh
openssl pkcs8 -topk8 -nocrypt -in sec1.pem -out pkcs8.pem
```
In order to enable built-in HTTPS support, add the `--tls-cert-path` option to specify the location of the certificates file, as well as the private keys file using `--tls-cert-key-path`.