Commit 942080a8 authored by Marc Duez's avatar Marc Duez

server: self generate ssl certificate

parent d3b5588e
......@@ -365,3 +365,52 @@ def user():
to decorate functions that need access control
"""
return dict(form=auth())
def create_self_signed_cert(cert_dir):
"""
create a new self-signed cert and key and write them to disk
"""
from OpenSSL import crypto, SSL
from socket import gethostname
from pprint import pprint
from time import gmtime, mktime
from os.path import exists, join
CERT_FILE = "ssl_certificate.crt"
KEY_FILE = "ssl_self_signed.key"
ssl_created = False
if not exists(join(cert_dir, CERT_FILE)) \
or not exists(join(cert_dir, KEY_FILE)):
ssl_created = True
# create a key pair
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = "AQ"
cert.get_subject().ST = "State"
cert.get_subject().L = "City"
cert.get_subject().O = "Company"
cert.get_subject().OU = "Organization"
cert.get_subject().CN = gethostname()
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, 'sha1')
open(join(cert_dir, CERT_FILE), "wt").write(
crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
open(join(cert_dir, KEY_FILE), "wt").write(
crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
create_self_signed_cert('.')
return(ssl_created, cert_dir, CERT_FILE, KEY_FILE)
def generate_ssl_key():
ssl_created, cert_dir, CERT_FILE, KEY_FILE = create_self_signed_cert(request.folder + "private/")
return(dict(ssl_created=ssl_created, cert_dir=cert_dir, CERT_FILE=CERT_FILE, KEY_FILE=KEY_FILE))
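Review bot: The private key dumped on the `open(join(cert_dir, KEY_FILE), "wt").write(...)` line is created with whatever the process umask allows, so on a typical deployment `ssl_self_signed.key` ends up group- or world-readable, and neither file handle is closed explicitly. The certificate is also signed with `'sha1'`, which current TLS clients reject; `'sha256'` is the minimum. Both writes should use `with` blocks, the key file should be created through `os.open(..., 0o600)` (needs `import os` next to the existing `from os.path import ...`), and binary mode is the safer choice because pyOpenSSL's `dump_certificate`/`dump_privatekey` return bytes under Python 3. The recursive `create_self_signed_cert('.')` call just before the return writes a second key pair into the process's working directory and discards its result; it looks like leftover debugging and should be removed. `SSL`, `pprint`, `gmtime` and `mktime` are imported but never used.
```python
        cert.set_pubkey(k)
        cert.sign(k, 'sha256')
        with open(join(cert_dir, CERT_FILE), "wb") as cert_fh:
            cert_fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
        # Create the key file owner-readable only; do not rely on the process umask.
        key_fd = os.open(join(cert_dir, KEY_FILE),
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, "wb") as key_fh:
            key_fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
    # … unchanged: return of (ssl_created, cert_dir, CERT_FILE, KEY_FILE) …
```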
......@@ -7,7 +7,7 @@
## if SSL/HTTPS is properly configured and you want all HTTP requests to
## be redirected to HTTPS, uncomment the line below:
# request.requires_https()
request.requires_https()
if not request.env.web2py_runtime_gae:
## if NOT running on Google App Engine use SQLite or other DB
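Review bot: The two comment lines above the now-active `request.requires_https()` still read as instructions to uncomment it, so the comment contradicts the code; replace them with something like `## All HTTP requests are redirected to HTTPS (a self-signed certificate is generated when none is configured).` The redirect is now unconditional, so a deployment where TLS is not actually served, or is terminated by a proxy that web2py does not recognise as HTTPS, may redirect in a loop or become unreachable; if that is a supported setup, gate the call on a configuration setting rather than hard-coding it. The enclosing model file continues outside the hunk.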