self signed certificates

generate_ca.sh

#!/bin/sh

#
# Required OpenSSL 1.1.1, providing subjectAltName directly on command line:
# https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line
#

openssl req -x509 \
    -nodes \
    -subj "/CN=$1" \
    -newkey rsa:2048 \
    -keyout key.pem \
    -out cert.pem \
    -addext "subjectAltName=DNS:$1" \
    -days 365

server.py

"""
Generate new self signed certificate (Required OpenSSL 1.1.1, providing subjectAltName directly on command line):
openssl req -x509 -nodes -subj "/CN=test.localhost" -addext "subjectAltName=DNS:test.localhost" -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
"""

import sys
import ssl

LISTEN_ADDR = 'localhost'
LISTEN_PORT = 4443

if sys.version_info.major == 2:
    import BaseHTTPServer, SimpleHTTPServer
    httpd = BaseHTTPServer.HTTPServer((LISTEN_ADDR, LISTEN_PORT), SimpleHTTPServer.SimpleHTTPRequestHandler)
else:
    import http.server
    httpd = http.server.HTTPServer((LISTEN_ADDR, LISTEN_PORT), http.server.SimpleHTTPRequestHandler)

httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./cert.pem', keyfile='./key.pem', server_side=True)
httpd.serve_forever()