Last active
January 18, 2020 04:29
-
-
Save asears/3d7d6283d5d598417f2efc5b27a94ecf to your computer and use it in GitHub Desktop.
Simple local http.server with https enabled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from http.server import HTTPServer, SimpleHTTPRequestHandler | |
| import ssl | |
| httpd = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler) | |
| httpd.socket = ssl.wrap_socket(httpd.socket, certfile='/tmp/cert-and-key.pem', server_side=True) | |
| httpd.serve_forever() |
Author
Author
SSL Certificates for Humans
https://github.com/lifehackjim/cert_human
conda create -n envssl
activate envssl
pip install cert_human
OpenSSL Quick Reference Guide
https://www.digicert.com/ssl-support/openssl-quick-reference-guide.htm
choco install anaconda3
choco install wget
refreshenv
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -config c:\tools\Anaconda3\library\openssl.cnf
copy key.pem+cert.pem cert-and-key.pem
Get CA Bundle
wget https://curl.haxx.se/ca/cacert.pem
Get Self-Signed Cert in a Single Line
echo quit | openssl s_client -showcerts -servername "curl.haxx.se" -connect curl.haxx.se:443 > cacert.pem
Country Code Reference:
https://www.digicert.com/ssl-certificate-country-codes.htm
CertUtil Reference:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
Get an up-to-date CA Bundle
https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
Author
python -m servit.py
Author
pip config set global.cert path/to/ca-bundle.crt
pip config list
conda config --set ssl_verify path/to/ca-bundle.crt
conda config --show ssl_verify
git config --global http.sslVerify true
git config --global http.sslCAInfo path/to/ca-bundle.crt
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
RFC 4346
certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
certificate must come first in the list. Each following
certificate must directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate that specifies the root
certificate authority may optionally be omitted from the chain,
under the assumption that the remote end must already possess it
in order to validate it in any case.