I think as a practical solution you should remove the password from the
server private key as Niphlod pointed out in this same thread.
BTW I suggest to use any of apache, nginx, cherokee, uwsgi and probably
other webservers instead of rocket and have them do the SSL/TLS part.
web2py auth code will
simpatiCA makes the client certificates already with needed fields.
Since you use openssl directly you can set all the fields you need in the
certificates by changing openssl.cnf in your openssl installation.
There is plenty of documentation on that.
OR you can extend the class X509Auth to fit
Amit,
in your model call the derived class
auth.settings.login_form = MyX509Auth()
2012/11/7 Michele Comitini michele.comit...@gmail.com
simpatiCA makes the client certificates already with needed fields.
Since you use openssl directly you can set all the fields you need in the
Amit,
A self was missing this should work:
class MyX509Auth(X509Auth):
def get_user(self):
self.subject.surname = put something here
X509Auth.get_user(self)
auth.settings.login_form = MyX509Auth()
2012/11/7 Michele Comitini michele.comit...@gmail.com
Amit,
in
Thanks Michele, I resolved the issue by overriding class X509Auth :), one
more clarification:
using openssl, i created CA certificates, private key then client and
server certificates with their private key signed by CA certificate,
everything is working fine except:
when I access My application
too much certificates there for ssl. one key, one cert.
ca-cert is used if you're willing to auth users through x509, but given
that your understanding on certificates is basic I'd say you don't need it.
Il giorno martedì 6 novembre 2012 04:00:37 UTC+1, Amit ha scritto:
Thanks for your
You are right Niphold, I am able to deploy the certificate and start the
web server without using --ca-cert option,But I have to use X509
authentication and for that I have written below code :
*db.py :*
from gluon.contrib.login_methods.x509_auth import X509Auth
hem... one thing is helping you to create certs and key for a SSL protected
webserver, quite another to help you managing a credential store (I really
don't have time for that).
You have problems on finding out what OpenSSL is and want to manage X509 ?
Really ?
Maybe it's time to read some
I suggest looking at code gluon/contrib/login_methods/x509_auth.py.
Basically you can extract anything from client supplied cert and use it
with the auth tables of web2py. That is really simple.
The tedious part id getting to know what stuff you can put in the cert.
That is more related to
Hi Michele,
I used Simpatica to generates the certificates but failed to deploy to the
web2py server, please check once the first mail in this mail chain where I
explained the problem in details.
Regards,
Amit
On Tue, Nov 6, 2012 at 4:52 PM, Michele Comitini michele.comit...@gmail.com
wrote:
What is your python version?
2012/11/6 Amit amit.khaw...@gmail.com
Hi Michele,
I used Simpatica to generates the certificates but failed to deploy to the
web2py server, please check once the first mail in this mail chain where I
explained the problem in details.
Regards,
Amit
On Tue,
I am using Python 2.7.2.
On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini michele.comit...@gmail.com
wrote:
What is your python version?
2012/11/6 Amit amit.khaw...@gmail.com
Hi Michele,
I used Simpatica to generates the certificates but failed to deploy to
the web2py server, please
https://github.com/web2py/web2py/blob/master/gluon/main.py#L824
The log seems to say that your certificate file is not there, or not
accessible
mic
2012/11/6 Amit amit.khaw...@gmail.com
I am using Python 2.7.2.
On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini
michele.comit...@gmail.com
I have used below link to generate server certificates, client certificates
and CA certificates, imported client and CA certificates to Mozilla
Firefox browser and then deploy server certificates and CA certificate to
the Rocket server :
D:\web2py2.1.1\web2pyweb2py.py -a password -i 127.0.0.1
self.subject.Email is [] i.e. an empty list. Check if that is the problem.
mic
Il giorno 06/nov/2012 14:32, Amit amit.khaw...@gmail.com ha scritto:
I have used below link to generate server certificates, client
certificates and CA certificates, imported client and CA certificates to
Hi,
I filled the email address in the certificate but what I think is problem
with surname , please check below the log:
*File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
get_user at line 91* code arguments variables
Function argument list
the usual
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -
out mysitename.crt
works ok.
Il giorno lunedì 5 novembre 2012 03:48:43 UTC+1, Amit ha scritto:
Thanks Niphold for replying. How can I create server cetificate, CA
certificate and client certificate
I run the command to generate certificates:
*web2py.py --ssl_certificate=D:\certificates\server.crt
--ssl_private_key=D:\certificates\server_key.key
--ca-cert=D:\certificates\server.crt*
And when I run this, It gives warning message on command prompt:
*WARNING:web2py:unable to open SSL
One way I know of is the same Niphlod told you in his previous post - use
openssl to generate the certificate. He gave you the complete command
example, I don't know how to be clearer than that...
http://www.openssl.org/related/binaries.html
Regards,
Ales
On Monday, November 5, 2012 12:40:28
Thanks for your response Ales, I used the openssl command to generate the
certificates which Niphold has suggested me but when i tried to deploy it
to Rocket sever using below command :
*web2py.py --ssl_certificate=D:\certificates\server.crt
--ssl_private_key=D:\certificates\server_key.key
Thanks Niphold for replying. How can I create server cetificate, CA
certificate and client certificate without password? I am using simpatica
application to create all these certificates on windows XP machine and this
application doesn't allow to create certificates without password so if you
know
21 matches
Mail list logo
