基于WebRTC的应用，让音视频通话，基于浏览器就可以完成，客户端变得简洁，方便. linux系统是CentOS7， freeswitch版本是1.8.6 64bit的，安装过程中，网上很多地方说yasm和nasm，汇编处理，提升编解码速度，很多说yasm和nasm一样，装那个都可以，但是我装nasm总是遇到：

vpx_dsp/x86/intrapred_sse2.asm:64: error: invalid combination of opcode and operands

后来，我卸载nasm，然后安装yasm，并将freeswitch整个安装文件重新来一遍，恢复初始状态（ 将之前编译用的freeswitch目录删除，重新解压freeswitch 1.8.6 的tar.gz包 ），上述错误便不再出现。

还有很多坑，这里就不再多说，网上百度很多相关帖子， 每扫除一个坑，最好将编译环境重置一下，这样会减少不必要的说不清楚的麻烦 ，我在这个上面吃了大亏。

回归今天的重点话题，基于浏览器的音视频通话。因为chrome，Firefox以及其他一些主流浏览器现在基本都支持WebRTC，这个实现基于IP的音视频通话，提供了很多便利。但是呢，WebRTC要求安全通信，要求基于SSL， 否则会出现下面的提示：

--unsafely-treat-insecure-origin-as-secure

虽然说，不用https打开Web应用，在chrome下，用http打开，出现上述这个警告，在浏览器地址栏输入下面内容：

chrome://flags/#unsafely-treat-insecure-origin-as-secure

这样，结合下面的配图，先在1对应的区域输入你要访问的URL地址，然后再在2对应的按钮处选择enabled，重启浏览器后，再访问地址，浏览器是允许访问的。这是权宜之计的解决方案，在生产中，或者用户测试阶段，手机浏览器上操作，这个显然是不行的，让用户去做这个配置，然后访问，你觉得可行么？

于是乎，为了搞清楚，基于https的访问web应用，就有了本博文。

为了实现Freeswitch+WebRTC+sip.js的基本通话功能的验证，这里采用自签名的证书进行验证。 我们先看看，freeswitch默认的wss.pem证书是多少位的，我们好参照着创建一个一样长度的证书。

[root@fs3 certs]# vi wss.pem 
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDGj5Y8r9N2GoPf
1ByLB+3xHdj9zeB8nQlkR1E6C/hhoHEXXf3tidQ8VT62MPwIpY+Pk95b1zhA1gYj
duWhdhuOFZdahHwsvdWYszRibul2gRR30j0hkaR8UKd2D/RED6upoB2FGDb5fn+L
RCqQSFXSB67LiQW3JbKuM+eKnFgqtAxDfzQ393ExkUtNidVc5Ov3pjXLF2ralLcK
nGXPGLVDLaSv9tRyP4oTbWgqdljsnnEb3bjWwajeqhzhlUjEZ58L96zyKhWx3foU
n4ZHUji3qRzcrHtWto31y5gcbHuLH98BxsL6uLmiD2JBTn8EyiW58mog+r7J603C
JBjznV1Y+wOpxEOXfvnxTe3gon3514KJGt2b986Mym49ILkbhPrq+OeBkZa/gmZP
AX9CWbtbDgF4k9jubBSwg3ngDMZls/FF8O0T8FtZCHGvQ8UvBhG8uxMH5Fh0YCAB
mT6blhpyf7K4+hIijhsmrOT2mPvpN/qvX8Qs2tUlIqKmL0l+hsubQrMGp6MAvWcQ
XZSboyV4iuc/kqNjj2S12YjgKAwwrTldLvbcljHc2tR4vC5Fd3EGLocMDJuQCilJ
rG74MDbgdSwyWhhjSxmPQNsv5TvdIJmBqCsa2CbqzVeFIAlHHNNgx8qGp1jrJkif
i8sZAdTtAYGafvMWpbf2zYj6ZVXSVQIDAQABAoICAGQGNRKBKC8YkFIS0gYfineq
J4NDUNC1cuO3IW3yVb8oSZAR4zbj9awm7R5ucqgQbs9PF/Z/5nCS4CjBXlAF5T+g
FMyebMdFIfJ4Y+0qHiV6RMtPd0gPzCJrptBMnSokEr+yTuybFCZ+2NVZE2/3YHQb
NqyFbAGk1ev3ba5fr/JjHMJrs+x1k+n6XUrEIl1XXJ82dWbHdyaBP+vyeT7oHXen
6IxT9RVQeMfsl0q8r3MTJbt56AEXMXBplX716uA1quMmc1LSbHdbcP0ul0AaZUPv
xwBLSx6Ve9HUK941r86X0YldjR8sKyc+RKrNViMdif+v5FKUvcON62/fK0qdfUXQ
Sewg2q6dl/dTvY9dXub6ywInFIzeWR0ivoh6iQCoEI/p2LM6uHPLifWQ8UUAug7x
Tf6suLO/nS4Le55XrY/jrFkxtsoaMDZYEZimLWUOgZBVj3F0NUPUlhDbuh6uRRdh
acXiNidkp8JABlAetP6/0Aidln80Am5VIbGKAXInfpejaMxgUwm7yaKoo+YdJ+B0
b94+qUo4ElxZE0n08kjhJK1cJu3+2NApp24FJcz6KdNzuxhNnRG+nMpYj2IWQc98
QK3pBhanajm5i0SBb/6HEZkTRSqrZ45Y2Dctm6xcORAfyxDfW14+xacmY4yuwHbx
FZm6OCj/SpMdTxgbQP2JAoIBAQDtVNTiYuGC+Uu/14fXEYZeW5QscwThc9S5FDnE
GduAc4q7Yb9NwEDncRLLLXb0BDuSE/2TdJaaTku+oUcgKaIs6eJKFijnKUr7lXtU
25RBnjHAcHN8/+ihAXlKoZMcv98rTvElCofpK5PFHtc+8uaYtEuMsbShM58jlhvr
RlMMJfWALH528+qvxQH0oRpC1+45RUuqBx27t5tpeRRXOtNdi0Ad0yVa/aeZyuFa
AIt9ZpZ4N6QB1qGuWH3T1dMzDIw4zcDq10mU11TQqMRff44W/sE9y8U48WvCfCI9
PxfHE2oK/nZiAPgXjKrMM5w06JzIfzeWnBWr/EcJ8RqKooUnAoIBAQDWLgeW3z3e
TJHMpFmr4IunSk8Y83AvUsRh973INYTWIhrp8SmyNwAaGWCKsfauiQyxUP/HxmZt
EhP+wfjB1ygrI4PczzovIIaseZASSYfw1QH7rQZNJXXZgAoFuyXIP2g+MCR7AIz9
jvLL6okUy9lBKbIdXXaD54LODqThdplRqulgkeq9CoI8EhI9CsckHTvvpZ99yn86
ohLL4BF6dtehvUrjawHsGpxt0FoK6cxG8QlMBpPw+75M0I5kAcKi6AA5sz4icLrR
n+AuH2vvh/ursvmSyS5RmjICGxRt7RRV2O4Pwj3Q9yHsYi1yiiw/IoSpIdDhWKtX
aILOOwN9hDIjAoIBAQCjcf7CgjKojqN6VSa6GNme9hbPnc7IrYrcg29c/CnNBsWO
Urz7AOIyAg9dWcxINPoJmjbSbEKjtjQ37r4bClEj+VbcivJUcH2xUbsEL8ykfBvr
WgZPGbbN20P6/9dev00keFNenSgIjvhPkvPN6F6i39f/5wps0i5Qxbooh9/9x86R
HRNjPIxtzJGSNbjuO+NWEcEQMaJqewJO2xIFGQAjthjL8XQSfAoGwk/8Oc/W5uXN
mRQcKAJlHZBaaTHwQD35iMnJcca8+KbypKfI1QG4GG5g7oq+spTx9adm4qKveVFY
jPJegChbn4ao5wo27dO7yNExqgDK1wzdbexHebGVAoIBAHJwK7vwUjVaAjkuw37z
vorHSJYTVKjkd2vFHJFCD1T+6hR/uACyJIrNbmkNB7pgHfkMR26t0oKKu0ZOzCR+
WscZ9dXgn70YivzTAyjSQyFqHuIjpA9KabqqEDDZuylQv9kijgtu0uaUH6TXDyGe
fdm0dqf8DVwTMi/5YR3a6bbaNFJWBO+3ErkYCsi03oysVh8JBrwGm45vlM18Trp5
j2OrKb1zqpZF7bk7LzFPlMd++LG3fgqv6BFRChPjYOT8Q0qRPCzYwOlKnFTokxps
NQub2IAWoHoXgorffz3xBAGOpDylU7Q4p9aO6qudqmCdh/Z6zAnr/7j3bZTVsVq6
bLMCggEBAOew6+8zQ5dGp+Bo5dvAlhbKNBhTF3cwwcqejKDl0O28NdZOmhOdRCLZ
XQYCrJMCB+tc0nPp+H2HkBJaH+T5ZnowBot9ucrJgtUna76DH+bfAdBLYroFz0rm
K0GVQyMNmiZEifAFxZofmSQnDUiXSmtu2HDPJP/HKMqjnnlDeUaTjREupXSa2SW8
adDFaTE4IFc/0cZ3cxEAsGZGUhcHOzJPNt9WOSa/VHrKRNYuEypIkb+5SVRAZvRI
l5mJ2URjAQu7r/HvWuz+gtcnwSEXcWWHDSYGNgffGC5Z15CpD+Nrk67qH8f64PJS
qwKKHXhZ0lsdvF3PCfSJ3t2wlVQS4IU=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEujCCAqICAQAwDQYJKoZIhvcNAQEFBQAwIjELMAkGA1UEBhMCVVMxEzARBgNV
BAMMCkZyZWVTV0lUQ0gwIBcNMjAwOTE2MDY1NDI2WhgPMjEyMDA4MzAwNjU0MjZa
MCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApGcmVlU1dJVENIMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAxo+WPK/TdhqD39Qciwft8R3Y/c3gfJ0JZEdR
Ogv4YaBxF1397YnUPFU+tjD8CKWPj5PeW9c4QNYGI3bloXYbjhWXWoR8LL3VmLM0
Ym7pdoEUd9I9IZGkfFCndg/0RA+rqaAdhRg2+X5/i0QqkEhV0geuy4kFtyWyrjPn
ipxYKrQMQ380N/dxMZFLTYnVXOTr96Y1yxdq2pS3Cpxlzxi1Qy2kr/bUcj+KE21o
KnZY7J5xG9241sGo3qoc4ZVIxGefC/es8ioVsd36FJ+GR1I4t6kc3Kx7VraN9cuY
HGx7ix/fAcbC+ri5og9iQU5/BMolufJqIPq+yetNwiQY851dWPsDqcRDl3758U3t
4KJ9+deCiRrdm/fOjMpuPSC5G4T66vjngZGWv4JmTwF/Qlm7Ww4BeJPY7mwUsIN5
4AzGZbPxRfDtE/BbWQhxr0PFLwYRvLsTB+RYdGAgAZk+m5Yacn+yuPoSIo4bJqzk
9pj76Tf6r1/ELNrVJSKipi9JfobLm0KzBqejAL1nEF2Um6MleIrnP5KjY49ktdmI
4CgMMK05XS723JYx3NrUeLwuRXdxBi6HDAybkAopSaxu+DA24HUsMloYY0sZj0Db
L+U73SCZgagrGtgm6s1XhSAJRxzTYMfKhqdY6yZIn4vLGQHU7QGBmn7zFqW39s2I
+mVV0lUCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEATQMU5A6qlX6N7rCge7kdUSFk
90GwEah0ipW7TzR0i73GY8Bi14KS8Ler2NsKIby/k9RGaZFJljWml8nYgQNGvCVb
vNerp/0IKQmv+J2G3Qp5fCJZnU8+eAn4QDUd2cbKJfcKWqYJ40ax4na68SzCUXJL
uO6xSP/bCSi+b6jsUDdcSYe2kNRhx3PMF6CJ75hKpDWygdQrNmEqeRiwSTKdvzC6
oo3yzKQlovtPSXcj+XArWZenIbBju4uclaa2A8gxOvZcf91pyZcxq38MBWxhf1Gr
gTDA45FCSYw/vKM+Z4X04/bUq/H1RZxOxsp9+TdrWvb9iRjb5zScizv0P7PkWJws
6ILnnbFo+cSjmH313WbJz2grGf0Y2V0We7wctGk09eStIpXFb1ardxrAqIvS2SrU
Z6pi1A0xX3xtffO07uOVDwhF4th3SjJOd1GWJVw7YhYtNA8Y8ciTvGqBRLKchgGo
Fv8tw/p0s+LCksw6Z46pHRxJwEr8EJXL0lx+z78vPlVi7rkm1HKaWJ89Jgm3zlfW
Nus7waZk5UDPvcLZQJdhPQf6qQkhnmQOmBcxbI2JGILq2+URFq2NXX0BdfA/iOHM
zFKjAxn2A0xG6fRiLYpApFG4zMv5UyxzgOd0vrzfvteHXJ2vKIu1/dELAwqlVRW+
pa/40prAPOZpXbZ5bWk=
-----END CERTIFICATE-----

从私钥的注释头可知，他是 PKCS#8格式的密钥 。这个格式需要从openssl genrsa生成的私钥，经过格式转换得到，这里先了解一下这个基本信息即可。freeswitch这么强大，常见的私钥格式应该都可以支持吧，再说了pkcs#8是比较常见的私钥格式，就连流行的一逼的 JAVA创建的证书对应的私钥默认都是pkcs#8的 呢。

接下来看看wss.pem内容有什么特点，下面用openssl x509指令看看

[root@fs3 certs]# openssl x509 -in wss.pem -noout -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, CN = FreeSWITCH
        Validity
            Not Before: Sep 16 06:54:26 2020 GMT
            Not After : Aug 30 06:54:26 2120 GMT
        Subject: C = US, CN = FreeSWITCH
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:c6:8f:96:3c:af:d3:76:1a:83:df:d4:1c:8b:07:
                    ed:f1:1d:d8:fd:cd:e0:7c:9d:09:64:47:51:3a:0b:
                    f8:61:a0:71:17:5d:fd:ed:89:d4:3c:55:3e:b6:30:
                    fc:08:a5:8f:8f:93:de:5b:d7:38:40:d6:06:23:76:
                    e5:a1:76:1b:8e:15:97:5a:84:7c:2c:bd:d5:98:b3:
                    34:62:6e:e9:76:81:14:77:d2:3d:21:91:a4:7c:50:
                    a7:76:0f:f4:44:0f:ab:a9:a0:1d:85:18:36:f9:7e:
                    7f:8b:44:2a:90:48:55:d2:07:ae:cb:89:05:b7:25:
                    b2:ae:33:e7:8a:9c:58:2a:b4:0c:43:7f:34:37:f7:
                    71:31:91:4b:4d:89:d5:5c:e4:eb:f7:a6:35:cb:17:
                    6a:da:94:b7:0a:9c:65:cf:18:b5:43:2d:a4:af:f6:
                    d4:72:3f:8a:13:6d:68:2a:76:58:ec:9e:71:1b:dd:
                    b8:d6:c1:a8:de:aa:1c:e1:95:48:c4:67:9f:0b:f7:
                    ac:f2:2a:15:b1:dd:fa:14:9f:86:47:52:38:b7:a9:
                    1c:dc:ac:7b:56:b6:8d:f5:cb:98:1c:6c:7b:8b:1f:
                    df:01:c6:c2:fa:b8:b9:a2:0f:62:41:4e:7f:04:ca:
                    25:b9:f2:6a:20:fa:be:c9:eb:4d:c2:24:18:f3:9d:
                    5d:58:fb:03:a9:c4:43:97:7e:f9:f1:4d:ed:e0:a2:
                    7d:f9:d7:82:89:1a:dd:9b:f7:ce:8c:ca:6e:3d:20:
                    b9:1b:84:fa:ea:f8:e7:81:91:96:bf:82:66:4f:01:
                    7f:42:59:bb:5b:0e:01:78:93:d8:ee:6c:14:b0:83:
                    79:e0:0c:c6:65:b3:f1:45:f0:ed:13:f0:5b:59:08:
                    71:af:43:c5:2f:06:11:bc:bb:13:07:e4:58:74:60:
                    20:01:99:3e:9b:96:1a:72:7f:b2:b8:fa:12:22:8e:
                    1b:26:ac:e4:f6:98:fb:e9:37:fa:af:5f:c4:2c:da:
                    d5:25:22:a2:a6:2f:49:7e:86:cb:9b:42:b3:06:a7:
                    a3:00:bd:67:10:5d:94:9b:a3:25:78:8a:e7:3f:92:
                    a3:63:8f:64:b5:d9:88:e0:28:0c:30:ad:39:5d:2e:
                    f6:dc:96:31:dc:da:d4:78:bc:2e:45:77:71:06:2e:
                    87:0c:0c:9b:90:0a:29:49:ac:6e:f8:30:36:e0:75:
                    2c:32:5a:18:63:4b:19:8f:40:db:2f:e5:3b:dd:20:
                    99:81:a8:2b:1a:d8:26:ea:cd:57:85:20:09:47:1c:
                    d3:60:c7:ca:86:a7:58:eb:26:48:9f:8b:cb:19:01:
                    d4:ed:01:81:9a:7e:f3:16:a5:b7:f6:cd:88:fa:65:
                    55:d2:55
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         4d:03:14:e4:0e:aa:95:7e:8d:ee:b0:a0:7b:b9:1d:51:21:64:
         f7:41:b0:11:a8:74:8a:95:bb:4f:34:74:8b:bd:c6:63:c0:62:
         d7:82:92:f0:b7:ab:d8:db:0a:21:bc:bf:93:d4:46:69:91:49:
         96:35:a6:97:c9:d8:81:03:46:bc:25:5b:bc:d7:ab:a7:fd:08:
         29:09:af:f8:9d:86:dd:0a:79:7c:22:59:9d:4f:3e:78:09:f8:
         40:35:1d:d9:c6:ca:25:f7:0a:5a:a6:09:e3:46:b1:e2:76:ba:
         f1:2c:c2:51:72:4b:b8:ee:b1:48:ff:db:09:28:be:6f:a8:ec:
         50:37:5c:49:87:b6:90:d4:61:c7:73:cc:17:a0:89:ef:98:4a:
         a4:35:b2:81:d4:2b:36:61:2a:79:18:b0:49:32:9d:bf:30:ba:
         a2:8d:f2:cc:a4:25:a2:fb:4f:49:77:23:f9:70:2b:59:97:a7:
         21:b0:63:bb:8b:9c:95:a6:b6:03:c8:31:3a:f6:5c:7f:dd:69:
         c9:97:31:ab:7f:0c:05:6c:61:7f:51:ab:81:30:c0:e3:91:42:
         49:8c:3f:bc:a3:3e:67:85:f4:e3:f6:d4:ab:f1:f5:45:9c:4e:
         c6:ca:7d:f9:37:6b:5a:f6:fd:89:18:db:e7:34:9c:8b:3b:f4:
         3f:b3:e4:58:9c:2c:e8:82:e7:9d:b1:68:f9:c4:a3:98:7d:f5:
         dd:66:c9:cf:68:2b:19:fd:18:d9:5d:16:7b:bc:1c:b4:69:34:
         f5:e4:ad:22:95:c5:6f:56:ab:77:1a:c0:a8:8b:d2:d9:2a:d4:
         67:aa:62:d4:0d:31:5f:7c:6d:7d:f3:b4:ee:e3:95:0f:08:45:
         e2:d8:77:4a:32:4e:77:51:96:25:5c:3b:62:16:2d:34:0f:18:
         f1:c8:93:bc:6a:81:44:b2:9c:86:01:a8:16:ff:2d:c3:fa:74:
         b3:e2:c2:92:cc:3a:67:8e:a9:1d:1c:49:c0:4a:fc:10:95:cb:
         d2:5c:7e:cf:bf:2f:3e:55:62:ee:b9:26:d4:72:9a:58:9f:3d:
         26:09:b7:ce:57:d6:36:eb:3b:c1:a6:64:e5:40:cf:bd:c2:d9:
         40:97:61:3d:07:fa:a9:09:21:9e:64:0e:98:17:31:6c:8d:89:
         18:82:ea:db:e5:11:16:ad:8d:5d:7d:01:75:f0:3f:88:e1:cc:
         cc:52:a3:03:19:f6:03:4c:46:e9:f4:62:2d:8a:40:a4:51:b8:
         cc:cb:f9:53:2c:73:80:e7:74:be:bc:df:be:d7:87:5c:9d:af:
         28:8b:b5:fd:d1:0b:03:0a:a5:55:15:be:a5:af:f8:d2:9a:c0:
         3c:e6:69:5d:b6:79:6d:69

从这个默认的wss.pem证书的内容看，是 4096位的RSA加密算法 的证书。

1. 创建基于自签名证书的的应用证书（4096位）

1.1 创建根证书的私钥

[root@fs3 certs]# openssl genrsa -out ca4k.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
.............................................++++
.............................................................++++
e is 65537 (0x010001)

1.2 签发自签名证书

[root@fs3 certs]# openssl req -new -x509 -key ca4k.key -out ca4k.crt -subj "/C=CN/ST=Hubei/L=Wuhan/O=Shihuc/OU=IOV/CN=IOVGFS"

1.3 创建服务端私钥文件

[root@fs3 certs]# openssl genrsa -out svr4k.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
............................................................................................................++++
..........................................................................++++
e is 65537 (0x010001)

1.4 生成证书签发请求文件

[root@fs3 certs]# openssl req -new -key svr4k.key -out svr4k.csr -subj "/C=CN/ST=Hubei/L=Wuhan/O=Shihuc/OU=IOV/CN=192.168.219.138"

1.5 签发服务端证书

[root@fs3 certs]# openssl ca -in svr4k.csr -out svr4k.crt -cert ca4k.crt -keyfile ca4k.key -days 3650
Using configuration from /usr/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Oct  4 17:14:55 2020 GMT
            Not After : Oct  2 17:14:55 2030 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Hubei
            organizationName          = Shihuc
            organizationalUnitName    = IOV
            commonName                = 192.168.219.138
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                02:CB:5B:94:EA:D1:E4:2F:64:81:CE:F4:F0:24:E5:27:25:D1:C5:88
            X509v3 Authority Key Identifier: 
                keyid:F1:23:37:F5:02:E3:06:22:8D:8D:E6:5E:ED:5C:85:E4:F2:BB:CA:88
Certificate is to be certified until Oct  2 17:14:55 2030 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

到此，自签名的根证书ca4k.crt、ca4k.key有了，nginx/freeswitch共用的服务端证书文件svr4k.crt、svr4k.key都创建了。这里重点需要注意的是，CN参数的填写，根证书，CN（Common Name）可以随便写，只要自己知道其含义即可，但是服务端证书，其CN的值就不能随便填写了，必须和对应服务器的域名或者IP绑定对应关系，即，要么用服务端的域名，要么是服务的IP地址。

2. 创建FS的WSS.pem证书文件

将svr4k.crt及svr4k.key合并成一个文件，写入到wss.pem文件中，这时，freeswitch的证书路径（/usr/local/freeswitch/certs/）下，需要将原本的dtls-srtp.pem,wss.pem文件备份，或者干脆直接删除，影响不大（删除了，fs会自动创建，但是，最好还是备份比较安全）

[root@fs3 certs]# cat svr4k.crt svr4k.key >wss.pem

这里，指令中，将svr4k.crt写在wss.pem的文件头还是svr4k.key写在文件头，都无所谓的。

接下来，看看，wss.pem的内容：

[root@fs3 certs]# vi wss.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Hubei, L=Wuhan, O=Shihuc, OU=IOV, CN=IOVGFS
        Validity
            Not Before: Oct  4 17:45:42 2020 GMT
            Not After : Oct  2 17:45:42 2030 GMT
        Subject: C=CN, ST=Hubei, O=Shihuc, OU=IOV, CN=192.168.219.138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:cd:b6:89:99:37:80:04:f4:c3:fc:72:33:94:55:
                    59:3c:c1:8d:f9:ed:57:7c:16:05:09:8c:ed:b3:54:
                    8e:d8:c9:2f:7a:6e:88:42:44:52:d1:a0:bc:88:35:
                    03:d9:7b:b6:06:dc:86:14:60:f2:ca:7d:da:d2:05:
                    86:09:46:94:9b:0c:e7:7b:ac:85:a0:7d:73:6c:f5:
                    37:89:17:e2:d5:57:0f:d7:48:df:10:80:18:ef:16:
                    1e:08:b8:c8:45:3d:11:13:a5:7f:a6:3e:d1:ac:da:
                    42:a8:55:bb:b9:d0:62:f8:5b:fd:82:2c:92:48:47:
                    4c:16:e6:84:36:e1:de:cb:dd:3a:1f:c9:cf:7c:f4:
                    2d:43:c5:6d:15:06:d5:f4:60:af:c6:bf:8c:91:4e:
                    ac:90:a8:32:97:1c:ac:a3:ea:a0:9b:66:06:14:a5:
                    28:c9:14:3a:e7:a8:d0:43:28:59:27:e5:d5:e5:a0:
                    f9:9c:91:bb:6b:be:ff:38:00:db:1e:2b:21:ce:21:
                    50:56:17:ee:50:9f:fd:02:2c:e7:3e:4c:f8:b8:b3:
                    e0:cf:39:87:cb:bc:a7:71:51:67:e3:96:d4:3d:42:
                    d5:4c:db:95:53:36:48:c1:2b:ab:90:63:c6:e0:86:
                    7e:a4:64:b8:80:2a:92:23:22:fa:b7:4b:8a:a6:31:
                    16:ba:25:8f:db:86:f6:e0:7a:b9:7c:68:1b:82:d5:
                    cc:94:35:14:31:32:40:bb:36:c9:55:15:57:d6:39:
                    18:16:7b:44:f4:be:0b:1d:36:99:a9:09:6e:13:3e:
                    e5:3e:3b:ca:5b:aa:8d:66:0c:e5:f3:6e:2f:cc:85:
                    b0:02:d6:6a:b1:77:73:24:ea:4f:69:cf:6f:6e:92:
                    ad:4d:89:bf:32:2d:04:77:f2:e2:be:62:d9:96:56:
                    b0:85:8b:31:42:d1:44:45:e5:1b:3a:26:34:46:38:
                    74:4d:6a:b7:ff:38:7a:32:07:31:41:da:c9:bd:1d: