Verify SSL certificate from the custom path using python

I have installed the Apache web server. Generated SSL for the Apache website. Got the cert file and key. I wrote a Python snippet to validate the SSL file for the website. The certificate file path is stored in cer_auth. My code will access the file in cer_auth, validate it and provide the result. But it is showing an error. How to solve it?

Here's the code:

import requests
host = '192.168.1.27'
host1 = 'https://'+host
#cer_auth = '/etc/ssl/certs/ca-certificates.crt'
cer_auth = '/home/paulsteven/Apache_SSL/apache-selfsigned.crt'
print(host1)
try:
    requests.get(host1, verify= cer_auth)
    print("SSL Certificate Verified")
except:
    print("No SSL certificate")

Error I got:

https://192.168.1.27
/home/paulsteven/.local/lib/python3.5/site-packages/urllib3/connection.py:362: SubjectAltNameWarning: Certificate for 192.168.1.27 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
No SSL certificate

The old way of pointing certificates to hostnames was through the CommonName or CN field. This practice is rapidly changing due to changes in how browsers handle certificates. The current expectation is to have all hostnames and IPs in x509v3 extended fields in the certificate, named subjectAlternativeNames. The instructions you have followed were probably outdated.

Here's a mediocre guide into doing just that with OpenSSL:

https://support.citrix.com/article/CTX135602

If you want to sign for some IP addresses, the field name is IP.1 instead of DNS.1 like in the link above.
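
The answer's point, as an added example that is not part of the original post: the script creates two throwaway self-signed certificates for the question's IP, one with only a CN and one with an IP.1 subjectAltName entry, and runs OpenSSL's own IP check on each. It assumes the openssl CLI is installed; the file names and the v3_san section name are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumes the openssl CLI is on PATH.
# 192.168.1.27 is the IP from the question; file names are placeholders.

# make_cert DIR NAME IP WITH_SAN -> writes DIR/NAME.key and DIR/NAME.crt
make_cert() {
    dir=$1; name=$2; ip=$3; with_san=$4
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no

[dn]
CN = $ip

[v3_san]
subjectAltName = @alt_names

[alt_names]
IP.1 = $ip
EOF
    ext=""
    if [ "$with_san" = yes ]; then ext="-extensions v3_san"; fi
    # $ext is left unquoted on purpose: it expands to two words or to nothing
    openssl req -x509 -nodes -newkey rsa:2048 -days 30 \
        -config "$dir/$name.cnf" $ext \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# ip_matches CERT IP -> exit status 0 only if OpenSSL accepts IP for CERT
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 |
        grep -q "does match certificate"
}

tmp=$(mktemp -d)
make_cert "$tmp" cn-only 192.168.1.27 no    # CN only, like the question's cert
make_cert "$tmp" ip-san  192.168.1.27 yes   # adds IP.1 to subjectAltName
for c in cn-only ip-san; do
    if ip_matches "$tmp/$c.crt" 192.168.1.27; then
        echo "$c: IP matches"
    else
        echo "$c: IP does NOT match"
    fi
done
rm -rf "$tmp"
```

Only the certificate with the IP.1 entry passes, because OpenSSL's IP check looks at subjectAltName entries and never at the CN.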
