How to implement valid https in web2py

Question

I am using the following web2py slice in attempt to use https for a service worker function in a page.

http://www.web2pyslices.com/slice/show/1507/generate-ssl-self-signed-certificate-and-key-enable-https-encryption-in-web2py

I have tried opening web2py with the following line (with and without [-i IP and -p PORT]):

python web2py.py -c myPath/ssl_certificate.crt -k myPath/ssl_self_signed.key -i 127.0.0.1 -p 8000

but https is declared 'not private' and is crossed out. Because of this, I am getting a SSL certificate error when the registration of the service worker is attempted.

Please indicate what is going wrong or whether more information is needed

If deploying to Google App Engine, SSL will be implemented through GAE's protocol — Phillip, Oct 29 '15 at 18:19

score 2 · Answer 1 · answered Apr 19 '18 at 20:52

The best way to use ssl with web2py is use of the deployment recipes with prodution-grade webservers like apache, nginx or Lighttpd.

Any of the mentioned scripts create a self-signed certificate, and then, you have to fix the generated server config files to a real certificate.

You can buy a real ssl certificate from any of many resellers or get for free from Let's Encript, if you have a real IP, like in a VPS or server.

A simple way to fix the config files is create a simbolic link from the real certificate to the one mentioned in the server config file.

To just test your service worker in your machine or a internal test server, just use a non-ssl port, or like Remco sugested, import the self-signed certificate to client environment.

score 1 · Accepted Answer · edited Oct 16 '15 at 23:10

1

You mention "https is declared 'not private' and is crossed out". This has to do with browsers disliking not trusted (self-signed) certificates, because that's what trust is all about. If any hacker could just make up a certificate and the https client wouldn't respond with at least a frown, you could still be hacked or sniffed without noticing. Since you don't mention any other error, I assume you get otherwise valid results from the web2py server?

If so, you have setup your self-signed certificate well. If you don't get any valid html response (outside your browsers complaint, of course), you still have an issue with the setup.

If your service worker won't accept the certificate, what you can do (in a test environment at least) is import the self-signed certificate into the machine or service worker certificate repository. The process differs per OS and version.

Hope this helps. If it doesn't, please provide more detail.

edited Oct 16 '15 at 23:10

Phillip

1,969
1
22
38

answered Oct 16 '15 at 22:27

Remco

425
3
10

I noticed [this question](http://stackoverflow.com/questions/27608922/self-signed-ssl-cert-for-localhost-how-to-make-trusted?rq=1) which is related if you use windows. – Remco Oct 17 '15 at 00:12
Any detail on how to 'importing self-signed certificates into a service worker certificate repository' would be helpful. – Phillip Oct 21 '15 at 17:25
Also, if anyone has experience with, or links on implementing https that is valid for all users, your suggestions would be appreciated – Phillip Oct 21 '15 at 17:31
1

[Here's a start](https://www.google.nl/search?hl=nl&q=how+to+install+an+http+certificate&meta=&aq=f&oq=&gws_rd=ssl) it all depends on your server, your certificate and your setup. – Remco Oct 23 '15 at 23:33
Is your question windows related Philip? In that case you can try and start with [this](http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx). – Remco Oct 23 '15 at 23:34

How to implement valid https in web2py

2 Answers2