Last active
November 19, 2016 08:43
create self signed ssl pem file
pyopenssl
twisted
cherrypy
service_identity
import os, time, tempfile | |
from twisted.internet import ssl | |
import OpenSSL | |
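def generate_ssl_pem(cn):
    """Create a self-signed certificate for *cn* and return it as PEM data.

    The subject and the issuer are both built from the same common name,
    and the request is signed with the key pair that produced it, so no
    external CA is involved and clients cannot chain the result to a
    trusted root.

    NOTE(review): the entry point in this file passes one file to the
    server as both certificate and private key, so the returned PEM is
    treated as carrying the private key. Handle it as secret material.

    :param cn: common name to place in the subject and issuer.
    :returns: PEM data as produced by ``cert.dumpPEM()``.
    """
    # req
    dn = ssl.DistinguishedName(commonName=cn)
    # Pin key size and digest explicitly rather than relying on library
    # defaults, which have differed between Twisted releases.
    keypair = ssl.KeyPair.generate(size=2048)
    req = keypair.certificateRequest(dn, digestAlgorithm='sha256')

    # sign
    # The request was built a few lines above, so its DN is accepted
    # unconditionally; this callback must not be reused for requests that
    # come from another party.
    verify = lambda dn: True
    # Second-resolution timestamp: two certificates issued for the same
    # name within one second would share a serial number.
    serialno = int(time.time())
    issuer = ssl.DistinguishedName(commonName=cn)
    certData = keypair.signCertificateRequest(
        issuer, req, verify, serialno, digestAlgorithm='sha256')
    cert = keypair.newCertificate(certData)
    return cert.dumpPEM()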
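def verify_ssl_pem_file(cn, filename):
    """Report whether *filename* holds a usable certificate for *cn*.

    Returns True only when the file exists, parses as a PEM certificate,
    has not expired, and has a subject CN equal to *cn*. This is a cache
    check for a locally generated file, not a trust decision: the
    signature, issuer and key usage are not examined, and the presence of
    a matching private key in the file is not checked.

    :param cn: expected common name (text or bytes).
    :param filename: path of the PEM file to inspect.
    :returns: True if the file can be reused, otherwise False.
    """
    if not os.path.exists(filename):
        return False
    # Close the handle deterministically instead of leaving it to the GC.
    with open(filename, 'rb') as f:
        pem = f.read()
    try:
        cer = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem)
    except OpenSSL.crypto.Error:
        # A truncated or corrupt file is "not valid", so the caller can
        # regenerate it rather than crash.
        return False
    # Without this an expired certificate would be reused indefinitely.
    if cer.has_expired():
        return False
    # Subject components are byte strings on Python 3; compare as bytes so
    # a text *cn* still matches.
    wanted = cn if isinstance(cn, bytes) else cn.encode('utf-8')
    for name, value in cer.get_subject().get_components():
        if name == b'CN' and value == wanted:
            return True
    return False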
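def generate_ssl_pem_file(cn, filename=None):
    """Make sure a PEM file for *cn* exists on disk and return its path.

    If *filename* is given and ``verify_ssl_pem_file`` accepts it, the
    file is reused untouched. Otherwise a new PEM is generated and written
    to *filename* (overwriting it), or to a fresh temporary file when no
    name was given. The temporary file is created with ``delete=False``,
    so removing it is the caller's responsibility.

    :param cn: common name for the certificate.
    :param filename: optional path to reuse or (over)write.
    :returns: path of the PEM file.
    """
    restrict_mode = False
    if filename:
        if verify_ssl_pem_file(cn, filename):
            return filename
        # The entry point in this file uses the PEM as the server's private
        # key too, so create it owner-only instead of with umask defaults
        # (a plain open() typically leaves it world-readable).
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_BINARY', 0)
        f = os.fdopen(os.open(filename, flags, 0o600), 'wb')
        restrict_mode = True
    else:
        f = tempfile.NamedTemporaryFile(delete=False)
        filename = f.name
    with f:
        if restrict_mode:
            # The mode passed to os.open() applies only to a newly created
            # file; tighten a pre-existing one before writing the key.
            os.chmod(filename, 0o600)
        f.write(generate_ssl_pem(cn))
    # Single-argument form prints the same text on Python 2 and Python 3.
    print('SSL: pem generated for %s' % cn)
    return filename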
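if __name__ == '__main__':
    # Demo: serve wsgiref's sample app over HTTPS with a throwaway
    # self-signed certificate.
    from cherrypy.wsgiserver import CherryPyWSGIServer
    from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
    from wsgiref.simple_server import demo_app

    domain = 'www.example.com'
    # No filename is passed, so a new temporary PEM (certificate and key in
    # one file) is created on every run.
    pemfile = generate_ssl_pem_file(domain)
    try:
        # 0.0.0.0 listens on every interface and port 443 usually needs
        # elevated privileges; demo_app echoes the request environ back to
        # the client, so keep this to a test host.
        https = CherryPyWSGIServer(('0.0.0.0', 443), demo_app, server_name=domain)
        # The same file is given as certificate and as private key.
        https.ssl_adapter = BuiltinSSLAdapter(pemfile, pemfile, None)
        print('Server running as: https://0.0.0.0:443/')
        try:
            https.start()
        finally:
            https.stop()
    finally:
        # Do not leave the generated private key behind in the temp dir.
        os.remove(pemfile)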