
Controller

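def create_self_signed_cert(cert_dir):
    """
    Create a self-signed certificate and RSA key in cert_dir if missing.

    If both files already exist nothing is written. If either one is
    missing, a new 4096-bit RSA key and a matching certificate are
    generated and both files are (re)written.

    Args:
        cert_dir: directory that holds (or will hold) the two PEM files.

    Returns:
        A tuple (ssl_created, cert_dir, CERT_FILE, KEY_FILE) where
        ssl_created is True only when a new pair was written by this call.
    """
    import os
    from os.path import exists, join

    CERT_FILE = "ssl_certificate.crt"
    KEY_FILE = "ssl_self_signed.key"
    cert_path = join(cert_dir, CERT_FILE)
    key_path = join(cert_dir, KEY_FILE)

    if exists(cert_path) and exists(key_path):
        return (False, cert_dir, CERT_FILE, KEY_FILE)

    # Imported only on the generation path so that an existing pair can be
    # reported even where pyOpenSSL is not installed.
    import random
    from socket import gethostname
    from OpenSSL import crypto

    # create a key pair
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_RSA, 4096)

    # create a self-signed cert
    cert = crypto.X509()
    subject = cert.get_subject()
    subject.C = "AQ"
    subject.ST = "State"
    subject.L = "City"
    subject.O = "Company"
    subject.OU = "Organization"
    subject.CN = gethostname()
    # A fixed serial repeats every time the pair is regenerated under the
    # same subject/issuer; draw it from the OS CSPRNG instead.
    cert.set_serial_number(random.SystemRandom().randrange(1, 2 ** 63))
    cert.gmtime_adj_notBefore(0)
    # Valid for ten years; shorten this if the key may be exposed.
    cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
    cert.set_issuer(subject)
    cert.set_pubkey(k)
    # SHA-1 signatures are rejected by current TLS clients; sign with SHA-256.
    cert.sign(k, 'sha256')

    cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)

    # The private key is created owner-only (0600) rather than with the
    # process umask. The mode passed to os.open applies only when the file
    # is created, so chmod also covers a pre-existing key file.
    key_fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(key_fd, "wb") as key_file:
        key_file.write(key_pem)
    os.chmod(key_path, 0o600)

    # The dump_* helpers return PEM as bytes, so write in binary mode and
    # close the handle deterministically.
    with open(cert_path, "wb") as cert_file:
        cert_file.write(cert_pem)

    # The original also recursed with '.', which dropped a second, unrelated
    # key pair into the process working directory; that call is removed.
    return (True, cert_dir, CERT_FILE, KEY_FILE)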

def generate_ssl_key():
    """
    Controller action: ensure a certificate/key pair exists under private/.

    Calls create_self_signed_cert on the application's private/ folder and
    passes its four results to the view as ssl_created, cert_dir, CERT_FILE
    and KEY_FILE.

    NOTE(review): this action carries no access-control decorator here, and
    cert_dir is the server-side path built from request.folder, so any
    visitor who can reach the URL learns where the key is stored. Confirm
    that it is restricted or removed once the pair has been generated.
    """
    created, target_dir, cert_name, key_name = create_self_signed_cert(
        request.folder + "private/")
    return dict(
        ssl_created=created,
        cert_dir=target_dir,
        CERT_FILE=cert_name,
        KEY_FILE=key_name,
    )

View default/generate_ssl_key.html

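{{extend 'layout.html'}}
<!-- ssl_created is True only when this request wrote a new pair; otherwise the existing files were left untouched. -->
{{if ssl_created:}}
<h1>SSL certificate and key generated</h1>
{{else:}}
<h1>SSL certificate and key already exist</h1>
{{pass}}

Saved to: {{=cert_dir}}<br>
Certificate: {{=cert_dir}}{{=CERT_FILE}}<br>
Self-signed Key: {{=cert_dir}}{{=KEY_FILE}}<br><br>
Run web2py with SSL:<br>
python web2py.py -c {{=cert_dir}}{{=CERT_FILE}} -k {{=cert_dir}}{{=KEY_FILE}} -i IP -p PORT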

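Open http://yoursite/app/default/generate_ssl_key once to generate the certificate and key. The action as written has no access control and displays the server path of the key, so restrict or remove it after the files have been created.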

Uncomment this line in db.py:

request.requires_https()

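Enjoy your privacy. Because the certificate is self-signed, browsers will show a warning until it is explicitly trusted; compare its fingerprint with the file on the server before accepting it. www.eff.org www.torproject.org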
