
CherryPy SSL Chained Certificates

I'm trying to get CherryPy to use SSL.

The first issue I encountered was that it was not supported on the current version available on Ubuntu, so I've upgraded to the latest version and got it working with self-signed certificates.

I then got certificates that are chained, from GoDaddy. I provided them with the output of this command:

openssl req -new -newkey rsa:2048 -nodes -out  [private info]

They then returned two files, a .crt and a gd_bundle.crt. The first contains: one -----BEGIN CERTIFICATE----- certificate -----END CERTIFICATE-----

The second contains 3, like above.

Does CherryPy work with chained certificates? I've seen this link that states it needs patching and tried as suggested, but the patch failed and the method did not work.

Please can someone explain what I'm missing or how to resolve this.

CherryPy has supported intermediary certificates since at least 2011 (not sure about the version). It is also documented, and if you had read the Deploy SSL support section of the documentation carefully, you would have noticed the following.

If you have a certificate chain at hand, you can also specify it:

cherrypy.server.ssl_certificate_chain = "certchain.perm"

As you may know, the latest release, CherryPy 3.6, has an SSL socket problem, but it was fixed in the development branch and you can install it from the repo, like:

pip install hg+https://bitbucket.org/cherrypy/cherrypy

A test may look like this.

#!/usr/bin/env python
# -*- coding: utf-8 -*-


import cherrypy


config = {
  'global' : {
    'server.socket_host' : '127.0.0.1',
    'server.socket_port' : 8080,
    'server.thread_pool' : 8,

    'server.ssl_module'            : 'pyopenssl',
    'server.ssl_certificate'       : '/path/to/certs/domain.com.crt',
    'server.ssl_certificate_chain' : '/path/to/certs/ssl123_ca_bundle.pem',
    'server.ssl_private_key'       : '/path/to/certs/domain.com.key',
  }
}


class App:

  @cherrypy.expose
  def index(self):
    return '<em>Is this secure?</em>'


if __name__ == '__main__':
  cherrypy.quickstart(App(), '/', config)

Related security warning

Make sure you read this question. I strongly recommend that you use Python 2.7.9+ or Python 3.4+ for security reasons, or pyOpenSSL with the latest OpenSSL available to you. Also don't forget to test your deployment with a comprehensive SSL tester, Qualys's for instance.
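
Added example (not part of the original answer and not CherryPy code): a pre-flight check for the three files passed to server.ssl_certificate, server.ssl_certificate_chain and server.ssl_private_key. It assumes the layout described in the question (one certificate in the .crt, only intermediates in the bundle); the function names, messages and sample PEM data are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block; captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, sha256 hex of the decoded body)] for each PEM block."""
    out = []
    for label, body in PEM_BLOCK.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append((label, hashlib.sha256(der).hexdigest()))
    return out


def preflight(cert_pem, chain_pem, key_pem):
    """List layout problems in the certificate, chain and key file contents."""
    cert, chain, key = (pem_blocks(p) for p in (cert_pem, chain_pem, key_pem))
    problems = []
    if [lab for lab, _ in cert] != ["CERTIFICATE"]:
        problems.append("certificate file: expected exactly one CERTIFICATE block")
    if not chain or any(lab != "CERTIFICATE" for lab, _ in chain):
        problems.append("chain file: expected only CERTIFICATE blocks")
    if any(lab.endswith("PRIVATE KEY") for lab, _ in cert + chain):
        problems.append("private key material found in a certificate file")
    if {fp for _, fp in cert} & {fp for _, fp in chain}:
        problems.append("server certificate is repeated in the chain file")
    if [lab.endswith("PRIVATE KEY") for lab, _ in key] != [True]:
        problems.append("key file: expected exactly one private key block")
    return problems


def _fake_pem(label, payload):
    """Constructed sample data: arbitrary bytes in PEM armor, not real X.509."""
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


# Constructed inputs mirroring the question: one leaf, a bundle of three.
LEAF = _fake_pem("CERTIFICATE", b"constructed leaf")
BUNDLE = "".join(_fake_pem("CERTIFICATE", b"constructed CA %d" % i) for i in range(3))
KEY = _fake_pem("PRIVATE KEY", b"constructed key")

if __name__ == "__main__":
    print(preflight(LEAF, BUNDLE + LEAF, KEY))
```

The check inspects PEM armor only; it does not parse X.509 or verify signatures, so testing the deployment with an SSL tester as recommended above is still needed.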
