Using SSL Certificate, PrivateKey, CertChains with Python Flask/Twisted
from OpenSSL.crypto import load_privatekey, load_certificate, FILETYPE_PEM
#from OpenSSL.SSL import SSLv3_METHOD
from twisted.internet import reactor
from twisted.internet.ssl import CertificateOptions, DefaultOpenSSLContextFactory, DiffieHellmanParameters
from twisted.web import proxy, server
from twisted.python.filepath import FilePath
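# Placeholder site for the example (the original author marks it "ignore it"):
# a reverse proxy to a plain-HTTP backend on localhost:80. Any twisted.web
# Site can be passed to listenSSL in its place.
sample_site = server.Site(proxy.ReverseProxyResource('localhost', 80, ''))

# Author's note: AES256-SHA (presumably the cipher suite seen with this setup; unconfirmed).
# DefaultOpenSSLContextFactory('server.key', 'server.crt') is the shorter
# alternative, but it takes only a key file and a certificate file and has no
# parameter for extra chain certificates, so CertificateOptions is used here.
certOptions = CertificateOptions(
    # pyOpenSSL PKey object. private.key is read relative to the working
    # directory; keep the file readable only by the account running the server.
    privateKey=load_privatekey(FILETYPE_PEM, FilePath("private.key").getContent()),
    # pyOpenSSL X509 object for the server (leaf) certificate.
    certificate=load_certificate(FILETYPE_PEM, FilePath("server.crt").getContent()),
    # No method= is pinned. The original carried a disabled
    # method=SSLv3_METHOD; SSLv3 is obsolete and must stay off, so protocol
    # selection is left to CertificateOptions' defaults.
    # Intermediate certificates sent after the server certificate. List them
    # in hierarchical order, starting with the issuer of server.crt, and do
    # not repeat server.crt itself.
    extraCertChain=[
        load_certificate(FILETYPE_PEM, FilePath(filename).getContent())
        for filename in ("chain1.crt", "chain2.crt", "chain3.crt")
    ],
)  # closing parenthesis was missing in the original listing

# Binding port 443 normally requires elevated privileges on the host.
reactor.listenSSL(443, sample_site, certOptions)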
from flask import Flask
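app = Flask(__name__)

# ssl_context is given as a (certificate file, key file) tuple with no
# separate chain argument, so the server certificate and its chain are merged
# into one PEM file, server certificate first:
#   cat server.crt chain1.crt chain2.crt ... > merged.crt
# app.run() starts the built-in development server; for a production
# deployment, terminate TLS in a production WSGI server or a reverse proxy.
# NOTE(review): the head of this call was lost from the listing; `app.run(host=`
# is reconstructed from the surviving argument list -- confirm against the
# original snippet.
app.run(host='', port=443, ssl_context=('merged.crt', 'private.key'))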

minhoryang commented Apr 25, 2015

For extraCertChain, pass the certificate files in hierarchical order.
(I'm not sure what happens if they are not ordered.)


minhoryang commented Apr 25, 2015

SSLv3 was disabled. (
