#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html
import http.server
import ssl
httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)
httpd.serve_forever()
Thanks!
I am on Python 3.11.2 and I see a warning when running this script:
python3_https_server.py:11: DeprecationWarning: ssl.wrap_socket() is deprecated, use SSLContext.wrap_socket()
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)
I fix this warning with the following script:
#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html
import http.server
import ssl
httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ctx.load_cert_chain(certfile='./server.pem')
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
Thanks @lxylxy123456
If server.crt and server.key are separate, use this to load:
ctx.load_cert_chain(certfile='server.crt', keyfile='server.key')
Can somebody help me? I have code like this:
import http.server
import ssl
httpd = http.server.HTTPServer(('localhost', 8000), http.server.SimpleHTTPRequestHandler)
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ctx.load_cert_chain(certfile='./server.pem')
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
and I have an error such as:
PS C:\Users\PC\Desktop\Links-page-main> & C:/Users/PC/AppData/Local/Microsoft/WindowsApps/python3.13.exe c:/Users/PC/Desktop/Links-page-main/server.py
Traceback (most recent call last):
File "c:\Users\PC\Desktop\Links-page-main\server.py", line 7, in <module>
ctx.load_cert_chain(certfile='./server.pem')
~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLError: [SSL] PEM lib (_ssl.c:4097)
python 3.13.1
@BagroSlave Does ./server.pem exist, and is it in the right format? Looks like a problem with reading that file
Yeah, I have one in the same directory as the script, which was created with openssl.
@BagroSlave Do all of these work? These will read the CA in PEM form, read the private key in PEM form and verify the certificate against itself as a CA. If any fail then there is a problem with the file.
openssl x509 -in ./server.pem -text -noout -inform PEM
openssl rsa -in server.pem -text -noout -inform PEM
openssl verify -verbose -CAfile ./server.pem ./server.pem
Yeah, it gives me something like this:
C:\links>openssl x509 -in ./server.pem -text -noout -inform PEM
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:ba:f8:4c:f7:ab:f3:6e:8a:e6:93:ed:1f:0a:fb:5b:08:54:50:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Some-State, O=Internet Widgits Pty Ltd, CN=192.168.0.2
Validity
Not Before: Jan 16 14:37:08 2025 GMT
Not After : Jan 16 14:37:08 2026 GMT
Subject: C=UA, ST=Some-State, O=Internet Widgits Pty Ltd, CN=192.168.0.2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:99:19:F7:27:BB:90:4F:C4:64:91:91:E1:F6:3C:07:6A:E9:A6:30
X509v3 Authority Key Identifier:
17:99:19:F7:27:BB:90:4F:C4:64:91:91:E1:F6:3C:07:6A:E9:A6:30
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
C:\links>openssl rsa -in server.pem -text -noout -inform PEM
Private-Key: (2048 bit, 2 primes)
C:\links>openssl verify -verbose -CAfile ./server.pem ./server.pem
./server.pem: OK
@BagroSlave Could be a Windows thing with parsing the PEM file in the Python ssl library. You might want to try modifying the load_cert_chain line to specify the key file specifically, as discussed here. Maybe also separate the key content into a different file from the cert, make sure the openssl command line can still parse both as with the commands above, and try either Windows or Linux line ending patterns in the PEM file in case that's causing a parsing error in Python ssl. If none of that works I'm out of ideas.
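A pre-flight check for the `PEM lib` failure discussed above, added here as an example (it is not from the gist or from any commenter): it inspects the file's encoding and PEM blocks before `load_cert_chain` is called. The name `diagnose_pem` and the sample data are constructed for illustration, and only structural problems are covered, not a key that fails to match its certificate.

```python
import base64
import binascii
import re
import sys

# One PEM block: BEGIN line, body (base64, optionally after legacy headers), END line.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed sample (not a real key or certificate): key block first, then certificate.
CONSTRUCTED_SAMPLE = (
    b"-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"
    b"-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
)


def diagnose_pem(data: bytes) -> list:
    """Return human-readable problems found in a combined certificate + key PEM file."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in data[:64]:
        return ["file is UTF-16 encoded; PEM must be plain ASCII"]
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte-order mark before the first BEGIN line")
    blocks = [(label.decode(), body) for label, body in PEM_BLOCK.findall(data)]
    labels = [label for label, _ in blocks]
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block; pass keyfile= to load_cert_chain")
    for label, body in blocks:
        if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted; pass password= to load_cert_chain")
        if b":" in body:  # legacy Proc-Type/DEK-Info headers end at the first blank line
            body = re.split(rb"\r?\n\r?\n", body, maxsplit=1)[-1]
        try:
            base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label} block is not valid base64 (truncated or edited?)")
    return problems


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CONSTRUCTED_SAMPLE
    for line in diagnose_pem(data) or ["no structural problems found"]:
        print(line)
```

Run it as `python3 check_pem.py ./server.pem` (the script name is an assumption) before starting the server.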
Awesome!
If you want to expose it to the world, just change '127.0.0.1' to '0.0.0.0'
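`SimpleHTTPRequestHandler` serves the process's current directory, and the scripts above load `./server.pem` from that same directory, so once the listener is reachable by other hosts the file holding the private key is served like any other file. The following is an added example, not code from the gist or its commenters, that pins the handler to a separate directory and refuses to start when the key sits inside it. The names `key_is_exposed` and `build_server` and the `public`/`tls` directory layout are assumptions.

```python
import functools
import http.server
import ssl
from pathlib import Path


def key_is_exposed(docroot, key_path) -> bool:
    """True if key_path is the served directory or lives anywhere beneath it."""
    root, key = Path(docroot).resolve(), Path(key_path).resolve()
    return key == root or root in key.parents


def build_server(docroot, certfile, keyfile=None, bind=("127.0.0.1", 443)):
    """HTTPS file server for docroot that refuses to serve its own private key."""
    # With keyfile=None, load_cert_chain reads the key from certfile (the gist's server.pem).
    key_path = keyfile or certfile
    if key_is_exposed(docroot, key_path):
        raise ValueError(f"{key_path} is inside the served directory {docroot}")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=str(certfile), keyfile=str(keyfile) if keyfile else None)
    # directory= pins the handler to docroot instead of the current working directory.
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(docroot))
    httpd = http.server.HTTPServer(bind, handler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    return httpd


if __name__ == "__main__":
    # Constructed layouts: the gist's (key beside the served files) and a split one.
    print(key_is_exposed(".", "./server.pem"))
    print(key_is_exposed("./public", "./tls/server.pem"))
```

Typical use is `build_server("./public", "./tls/server.pem").serve_forever()`, with the key file readable only by the account running the server.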