stackoom
  简体   繁体   中英

How to remove the self-signed SSL certificate created in AWS ubuntu server

 原文  2018-01-21 15:33:54       python/ amazon-web-services/ ubuntu/ ssl/ nginx

Question

Hi I have deployed a simple flask python web in the AWS ubuntu server, followed this guys' e-book( https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-vii-error-handling ). But I found there is issue, when I want to access the web by the browser. When I accessed the site in the chrome browser, there is security warning as shown in the figure. Although I can click the 'processed to...' to access successfully the site.

问题

But I don't want the warning image is shown when accessing the site.

I found that this issued is caused by the self-signed SSL certificate in AWS ubuntu server. The command for creating SSL certificate is following: 

 $ mkdir certs
 $ openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
  -keyout certs/key.pem -out certs/cert.pem

And the Nginx configuration is following, I want to delete or comment out the ssl_certificate part, and reload it. But I found that I can't access the site. After I added ssl_certificate part, and it works. But there is still warning pages. How to deal with this issue. 

    server {
    # listen on port 443 (https)
    listen 443 ssl;
    server_name _;
    # location of the self-signed SSL certificate
    ssl_certificate /home/ubuntu/microblog2/certs/cert.pem;
    ssl_certificate_key /home/ubuntu/microblog2/certs/key.pem;

    location / {
        # forward application requests to the gunicorn server
        proxy_pass http://127.0.0.1:8000;
        proxy_redirect off;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
    location /static {
        # handle static files directly, without forwarding to the application
        alias /home/ubuntu/microblog2/static;
        expires 30d;
} }

1 answers

solution1
 1  2018-01-21 15:46:24

In order to remove the cert from your setup, you need to return the config to port 80 with no SSL support. So remove listen 443 ssl ssl_certificate lines, and , replace with listen 80 only.

Once you get a proper cert, you can return to this configuration, after you upload the cert files shown in the config.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Connect a Metro app to a Python SSL server with a self-signed certificate How to run Aiogram webhook with self-signed ssl certificate? How to let PyCharm accept my self-signed SSL certificate? Custom web server & self-signed certificate How to allow python to trust my server's TLS self-signed certificate: ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed Self-Signed SSL Certificate Changes Upon Retrieval How to connect with Python IMAP4_SSL and self-signed server SSL cert? How to accept self-signed certificate from e-mail server via smtplib (TSL)? How to restrict access by using a self-signed certificate? urllib3 self-signed certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM