[英]Self-Signed SSL Certificate Changes Upon Retrieval
我有一个非常简单的 Flask HTTPS 服务器,它在 google 计算实例上使用自签名证书运行。 这是服务器的代码:
from flask import Flask
app = Flask(__name__)
with open("test_certificate.pem",'r') as inputFile:
print(inputFile.read())
if __name__=="__main__":
app.run(ssl_context=("test_certificate.pem", "test_key.pem"),
debug=True, host="0.0.0.0", port=443)
当我启动服务器时,我收到以下输出:
-----BEGIN CERTIFICATE-----
MIID7DCCAtSgAwIBAgIJANdrMgD+3bUnMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJVUzELMAkGA1UECAwCUEExFTATBgNVBAcMDFBoaWxhZGVscGhpYTEKMAgG
A1UECgwBQTERMA8GA1UECwwIYXNkZmF3ZWYxFzAVBgNVBAMMDjM1LjIzMS4xMTAu
MTQ5MR8wHQYJKoZIhvcNAQkBFhBhc2RmYXNAZ21haWwuY29tMB4XDTE5MDMyMjIw
NTcyM1oXDTIwMDMyMTIwNTcyM1owgYoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJQ
QTEVMBMGA1UEBwwMUGhpbGFkZWxwaGlhMQowCAYDVQQKDAFBMREwDwYDVQQLDAhh
c2RmYXdlZjEXMBUGA1UEAwwOMzUuMjMxLjExMC4xNDkxHzAdBgkqhkiG9w0BCQEW
EGFzZGZhc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCl16hzFOqYQozHh4G46oY32HP59LgfbT7hGyAcYPC3jt42jiKa9Yfpa8JaaZrm
xWagPNZG73xqyejMoaLKEPbZc650e+mwNuVoer2ic2CZIKp5iVy0si85ecxAkFYR
3RF+eDCqL8kT5gLbfj8knq3PQtVp2AmNlnN8c3cV6It5XJMUoPyfGdCGzphzVha+
XBpWJ25pWmezB38lTZpBdeZx2KDTDNpbtxsmtxy52IHQ/HXCnlW8bSbvhFvTn0IH
q3vOJnKG7GNOiOtyi+i6bSg0QxbQAhN5xVVB3Qq6i5yaIFTz/1Wedr4FpvbJqShZ
wf5lt4PxSaO6hDXbnWOgiiW3AgMBAAGjUzBRMB0GA1UdDgQWBBSs3T312Qv3r7QN
bs/duHyQrvO9RTAfBgNVHSMEGDAWgBSs3T312Qv3r7QNbs/duHyQrvO9RTAPBgNV
HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBLcpXBcafyR2SRa6jDDnwt
rDxr4aKnC6C99JPmrpBS6aD5+LrCUn6eY7B0MS5/+EoBEWxMtRoCW6MpBKdaOgPw
1etjfoYICPTvkvnIJRn3re1ziV54wSaXWlATTCoJ9Cjg8daHk7RS5JFr9T13iRwR
dzbAx6/dAFur6mmVcH5yD+qSJWSIBq/EpOjy4xWt1Pqu7oClzGLCStsR4sAIg0+T
gQIwxy9pMukxZOCzER9Ega+Wnac/CpA9pNUs+ayMebjo9ZVnq95vBzy87UMptvz9
W00TV+NN/zbnV24gmnOTWla4x8ylxxhq+7bYImZjnwinMe3FCIcZA350dcuOZI8n
-----END CERTIFICATE-----
我在发送 HTTPS 请求时遇到问题(我收到 SSL“握手错误”错误),所以我执行了以下代码以查看返回的证书是什么:
import ssl
serverSSL = ssl.get_server_certificate(('20.42.490.329',443))
print(serverSSL)
with open(VERIFY_PATH, 'w') as outputFile:
outputFile.write(serverSSL)
此代码输出以下内容:
-----BEGIN CERTIFICATE-----
MIIDmDCCAoCgAwIBAgIJT8O3F1rTZQgnMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJQQTEVMBMGA1UEBxMMUEhJTEFERUxQSElBMQ0wCwYD
VQQKEwRVUEhTMRYwFAYDVQQDFA1VUEhTX0ZJUkVXQUxMMB4XDTE5MDMyMjIwNTcy
M1oXDTIwMDMyMTIwNTcyM1owgYoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJQQTEV
MBMGA1UEBwwMUGhpbGFkZWxwaGlhMQowCAYDVQQKDAFBMREwDwYDVQQLDAhhc2Rm
YXdlZjEXMBUGA1UEAwwOMzUuMjMxLjExMC4xNDkxHzAdBgkqhkiG9w0BCQEWEGFz
ZGZhc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
Bd7d0ty9wbw8G+ongIs6Ezy0njO0JLulMNV/SVnBg+V0yHfCy0emA4JXyHTw+LfX
fQcQeiv0znXUFNnl+i2T0vQuPb2U99wbj+c/MEsiP+H9NRDWzgYgQTat/nGZv31l
grH4+IJSYVuQ/iKquSseKrQRJzDQes1BbuA8hNoD2iIuV2hIPzXMUOEbBExXoAF8
U8M0UMWUrvsCYrzf/qJlg+jciUqhXiRc3SomIxrs6P7J/LJHl+xWFsUflWgzoxDn
NCYaf3nCGi55cqWbstJytvtDoDqS3+HoYeCLz3ab/HCGMiTPJOtLi/nLMhkCZy2U
bowedqlFX6C7wIG/rczTAgMBAAGjMjAwMB0GA1UdDgQWBBSs3T312Qv3r7QNbs/d
uHyQrvO9RTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBtgJZ3
dQMV36kXDKKEBEV04RTFD6XrKhEx0/TRyiCzuCG05GtF0efbA0pz18uDMNYla70i
R4n/KWTRjbJ8aVvQwYvT7vCgTzHtM0lPwIiZYzssvlaauBEiZCBYAEV1hFEK53A2
eqUmDGul7x9w4IO0800pC8vkdxL6UGa6i/cEp4xXZca+A4Ukhoq+I8sENPTiBIy1
FT+wWgz8d7V65wM+r9pe4OvUubLJ4qHwKBGRGCOAh5SeluKIL1L8sSul3MKOr+Cj
t5mHuGsjXTyIjB3nYkW94tBkFiRvEYRKtvoDOo5wm8v4g/GGSZtDlNLtq7523J3n
maGrCR2AQw4PA5i3
-----END CERTIFICATE-----
为什么这些证书不匹配? 我假设这就是我收到错误握手错误的原因。 任何建议都非常感谢
好的,所以您使用的是无效证书,并且每次文件都更改的原因是您正在破坏它。
这是我用来获得大多数浏览器可以使用的受信任证书的方法: https://certbot.eff.org/instructions : https://certbot.eff.org/instructions 。 评论并告诉我这是否适合您。
Tho,如果你真的想测试这个,只需使用
if __name__ == "__main__":
app.run(ssl_context='adhoc')
使用自签名证书将Metro应用连接到Python SSL服务器
[英]Connect a Metro app to a Python SSL server with a self-signed certificate
如何删除在AWS ubuntu服务器中创建的自签名SSL证书
[英]How to remove the self-signed SSL certificate created in AWS ubuntu server
应用程序无法在运行Debian的BeagleBone Black上验证SSL自签名证书
[英]Application fails to verify SSL self-signed certificate on a BeagleBone Black running Debian
如何允许 python 信任我服务器的 TLS 自签名证书:ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败
[英]How to allow python to trust my server's TLS self-signed certificate: ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.