We have a Python client (on Windows) and an Apache server (CentOS). We want to enable an SSL connection between client and server, so:
We generated a certificate and private key like this on the server:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out ./conf/server.crt -keyout ./conf/server.key -subj "......."
We have correctly configured httpd.conf and httpd-ssl.conf.
And now on the client side we communicate with our server by providing the .crt and the .key:

    import json
    from http.client import HTTPSConnection

    # Inside a method of the client class. self.context is an ssl.SSLContext built
    # elsewhere; self.key_file / self.cert_file point at the server.key / server.crt
    # generated above. Note: key_file/cert_file are deprecated since Python 3.6 and
    # were removed in 3.12; http.client loads them into the context as a client
    # certificate via load_cert_chain().
    self.https = HTTPSConnection(host=self.host, port=self.port,
                                 key_file=self.key_file, cert_file=self.cert_file,
                                 context=self.context)
    content_type = 'application/json'
    body = json.dumps(valuesDico).encode('utf-8')   # encode first so Content-Length counts bytes
    self.https.putrequest('POST', self.page)
    self.https.putheader('Content-Type', content_type)
    self.https.putheader('Content-Length', str(len(body)))
    self.https.endheaders()
    self.https.send(body)
    response = self.https.getresponse()
This works well, but I am a little surprised, in terms of security, to have to use the private key on the client side, which will therefore be available on the workstations of all users.
I tried to replace the private key with the public key on the client side but it doesn't work. In addition, the public key is normally already embedded in the certificate file.
Is this a good practice?
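Editor's note, as an added example that is not the asker's code: a TLS client that only needs to verify the server never needs the server's private key. Its trust anchor is public material, either the issuing CA's certificate or, for a self-signed server certificate like the one generated above, `server.crt` itself. In `http.client`, the `key_file`/`cert_file` arguments are passed to `SSLContext.load_cert_chain()`, so handing them `server.key`/`server.crt` makes the client present the server's identity as a *client* certificate (which Apache ignores unless `SSLVerifyClient` is enabled); they were deprecated in Python 3.6 and removed in 3.12. The code below keeps the private key on the server side only, and shows where a separate client key pair would go if mutual TLS were wanted. Assumptions: Python 3.7+, the file names `server.crt`, `client.crt`, `client.key` are placeholders, and the optional round-trip demo in `demo_roundtrip()` needs an `openssl` binary (1.1.1+ for `-addext`).

```python
"""Client-side TLS for http.client without shipping the server's private key.

Added example (not the code from the question). Assumptions: Python 3.7+,
server.crt / client.crt / client.key are placeholder file names, and the
optional round-trip demo needs an `openssl` binary (1.1.1+ for -addext).
"""
import json
import os
import ssl
import subprocess
import tempfile
import threading
from http.client import HTTPSConnection
from http.server import BaseHTTPRequestHandler, HTTPServer


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """Context for a client that *verifies* the server.

    ca_file: PEM trust anchor. For a self-signed server certificate this is the
    server's .crt itself (public material only); None uses the OS trust store.
    client_cert/client_key: only for mutual TLS, and then a key pair issued to
    the client, never the server's server.key.
    """
    if (client_cert is None) != (client_key is None):
        raise ValueError("mutual TLS needs both client_cert and client_key")
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = True            # name in the cert must match the host we dial
    ctx.verify_mode = ssl.CERT_REQUIRED  # refuse servers we cannot chain to ca_file
    if client_cert is not None:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def build_server_context(cert_file, key_file):
    """The only place the private key is loaded: the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def post_json(host, port, path, payload, context):
    """POST a JSON body over TLS; no key_file/cert_file arguments are used."""
    conn = HTTPSConnection(host, port, context=context)
    body = json.dumps(payload).encode("utf-8")
    try:
        conn.request("POST", path, body=body,
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8")
    finally:
        conn.close()


class _EchoHandler(BaseHTTPRequestHandler):
    """Stand-in for the Apache endpoint: echoes the JSON it received."""

    def do_POST(self):
        data = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo_roundtrip():
    """Generate a self-signed pair (as in the question, plus a SAN so hostname
    checking works), serve it locally, and connect with a client that holds
    ONLY server.crt. server.key never leaves the server's temp directory."""
    with tempfile.TemporaryDirectory() as d:
        crt, key = os.path.join(d, "server.crt"), os.path.join(d, "server.key")
        subprocess.run(["openssl", "req", "-x509", "-nodes", "-days", "1",
                        "-newkey", "rsa:2048", "-keyout", key, "-out", crt,
                        "-subj", "/CN=localhost",
                        "-addext", "subjectAltName=DNS:localhost"],
                       check=True, capture_output=True)
        httpd = HTTPServer(("127.0.0.1", 0), _EchoHandler)
        httpd.socket = build_server_context(crt, key).wrap_socket(
            httpd.socket, server_side=True)
        threading.Thread(target=httpd.serve_forever, daemon=True).start()
        try:
            client_ctx = build_client_context(ca_file=crt)  # the .crt only
            return post_json("localhost", httpd.server_address[1], "/",
                             {"hello": "world"}, client_ctx)
        finally:
            httpd.shutdown()
            httpd.server_close()


if __name__ == "__main__":
    print(demo_roundtrip())  # (200, '{"hello": "world"}') when openssl is available
```

If the goal really is to authenticate the workstations as well, that is mutual TLS: each client gets its own certificate and key (`build_client_context(ca_file, "client.crt", "client.key")`), and Apache is told to demand and verify it with `SSLVerifyClient require` and `SSLCACertificateFile` pointing at the CA that issued the client certificates. Even then the server's `server.key` stays on the server.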