Quantcast
Channel: Active questions tagged https - Stack Overflow
Viewing all articles
Browse latest Browse all 1582

HTTPS with python and own server apache

$
0
0

we have a python client (on windows) and an apache server (centos)We want to enable SSL connection between client and server so:

we generated certificate and private key like this on server:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out ./conf/server.crt -keyout ./conf/server.key -subj "......."

we have correctly configured httpd.conf and httpd-ssl.conf

And now on the client side we communicate with our server by providing the .crt and the .key

self.https = HTTPSConnection(host=self.host, port=self.port, key_file=self.key_file, cert_file=self.cert_file, context=self.context)content_type = 'application/json'body = json.dumps(valuesDico)self.https.putrequest('POST', self.page)self.https.putheader('Content-Type', content_type)self.https.putheader('Content-Length', str(len(body)))self.https.endheaders()self.https.send(body.encode('utf-8'))response = self.https.getresponse()

this works well, but I am a little surprised in terms of security to have to use the private key on the client side which will therefore be available on the workstation of all users

I tried to replace the private key with the public key on the client side but it doesn't work. In addition, the public key is normally already embedded in the certificate file.

is this a good practice ?


Viewing all articles
Browse latest Browse all 1582

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>