You are right Niphlod, I am able to deploy the certificate and start the web server without using the --ca-cert option, but I have to use X509 authentication, and for that I have written the code below:

*db.py:*

from gluon.contrib.login_methods.x509_auth import X509Auth
auth.settings.actions_disabled=['register','change_password', 'request_reset_password','profile']
auth.settings.login_form = X509Auth()

*default.py:*

@auth.requires_login()
def index():
    response.flash = T("Welcome to web2py!")
    return dict(message=T('Hello World'))

And when I am calling the application's index function through the browser, it's giving an error saying *"Login not allowed. No valid x509 crentials"*

On Tue, Nov 6, 2012 at 2:43 PM, Niphlod <niph...@gmail.com> wrote:

> too many certificates there for ssl. one key, one cert.
> ca-cert is used if you're willing to auth users through x509, but given
> that your understanding on certificates is basic I'd say you don't need it.
>
> On Tuesday, November 6, 2012 04:00:37 UTC+1, Amit wrote:
>>
>> Thanks for your response Ales, I used the openssl command to generate the
>> certificates which Niphlod has suggested me but when I tried to deploy it
>> to Rocket server using below command:
>>
>> web2py.py --ssl_certificate=D:\certificates\server.crt --ssl_private_key=D:\certificates\server_key.key --ca-cert=D:\certificates\server.crt
>>
>> It gives following warning on command prompt:
>>
>> WARNING:web2py:unable to open SSL certificate. SSL is OFF
>>
>> And below error on Mozilla Firefox browser:
>>
>> SSL received a record that exceeded the maximum permissible length.
>>
>> (Error code: ssl_error_rx_record_too_long)
>>
>> Hope this will help you to understand the problem.
>>
>> Thanks,
>> Amit
>>
>> On Mon, Nov 5, 2012 at 5:17 PM, LightDot <ligh...@gmail.com> wrote:
>>
>>> One way I know of is the same Niphlod told you in his previous post -
>>> use openssl to generate the certificate. He gave you the complete command
>>> example, I don't know how to be clearer than that...
>>>
>>> http://www.openssl.org/related/binaries.html
>>>
>>> Regards,
>>> Ales
>>>
>>> On Monday, November 5, 2012 12:40:28 PM UTC+1, Amit wrote:
>>>
>>>> I run the command to generate certificates:
>>>>
>>>> web2py.py --ssl_certificate=D:\certificates\server.crt --ssl_private_key=D:\certificates\server_key.key --ca-cert=D:\certificates\server.crt
>>>>
>>>> And when I run this, it gives warning message on command prompt:
>>>>
>>>> WARNING:web2py:unable to open SSL certificate. SSL is OFF
>>>>
>>>> and on browser it displays following error message:
>>>>
>>>> SSL received a record that exceeded the maximum permissible length.
>>>>
>>>> (Error code: ssl_error_rx_record_too_long)
>>>>
>>>> So no idea, how to resolve this?
>>>>
>>>> Thanks,
>>>> Amit
>>>>
>>>> On Mon, Nov 5, 2012 at 4:10 PM, Niphlod <nip...@gmail.com> wrote:
>>>>
>>>>> the usual
>>>>>
>>>>> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
>>>>>
>>>>> works ok.
>>>>>
>>>>> On Monday, November 5, 2012 03:48:43 UTC+1, Amit wrote:
>>>>>>
>>>>>> Thanks Niphlod for replying. How can I create server certificate, CA
>>>>>> certificate and client certificate without password? I am using simpatica
>>>>>> application to create all these certificates on windows XP machine and this
>>>>>> application doesn't allow to create certificates without password so if you
>>>>>> know any other way to create these certificates without password on windows
>>>>>> then please do share me.
>>>>>>
>>>>>> waiting for your response.
>>>>>>
>>>>>> Thanks,
>>>>>> Amit
>>>>>>
>>>>>> On Fri, Nov 2, 2012 at 6:23 PM, Niphlod <nip...@gmail.com> wrote:
>>>>>>
>>>>>>> certs are supposed to be generated without passwords.
>>>>>>> Even in apache, etc, if you protect them with a password it will be asked every
>>>>>>> time the process is started, and web2py (rocket) doesn't support that.
>>>>>>>
>>>>>>> On Friday, November 2, 2012 6:21:00 AM UTC+1, Amit wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I generated CA certificates, private key, server certificate and
>>>>>>>> client certificate using “Simpatica” application developed in web2py.
>>>>>>>>
>>>>>>>> But when I tried to deploy the certificates to rocket server using
>>>>>>>> below command on windows XP machine:
>>>>>>>>
>>>>>>>> D:\web2py2.1.1\web2py>web2py.py --ssl_certificate=D:\certificates\server\cert.pem --ssl_private_key=D:\certificates\private_key\cacert.key --ca-cert=D:\certificates\CA_certificate\cacrt.pem
>>>>>>>>
>>>>>>>> It starts web2py server dialog asking about password and after
>>>>>>>> giving password, it displays below information on the command prompt:
>>>>>>>>
>>>>>>>> No handlers could be found for logger "web2py"
>>>>>>>> web2py Web Framework
>>>>>>>> Created by Massimo Di Pierro, Copyright 2007-2012
>>>>>>>> Version 2.1.1 (2012-10-15 12:44:40) stable
>>>>>>>> Database drivers available: SQLite(sqlite3), MySQL(pymysql), PostgreSQL(pg8000), IMAP(imaplib)
>>>>>>>> please visit:
>>>>>>>> https://127.0.0.1:8000
>>>>>>>> starting browser...
>>>>>>>> Enter PEM pass phrase:
>>>>>>>> Enter PEM pass phrase:
>>>>>>>> Enter PEM pass phrase:
>>>>>>>>
>>>>>>>> As per the sequence of certificates on command line, I gave
>>>>>>>> password for e.g. for cert.pem(server certificate file) , I have given
>>>>>>>> Server@123, and for cacert.key(CA private key) and cacert.pem(CA
>>>>>>>> certificate) , I have given test123.
>>>>>>>>
>>>>>>>> NOTE: These passwords are used while generating the respective
>>>>>>>> certificates means for generating cert.pem , I used Server@123 and
>>>>>>>> so on.
>>>>>>>>
>>>>>>>> So on above scenario , I have given password Server@123,test123
>>>>>>>> and test123 on command prompt but it is giving following error on
>>>>>>>> browser:
>>>>>>>>
>>>>>>>> Secure Connection Failed
>>>>>>>>
>>>>>>>> An error occurred during a connection to 127.0.0.1:8000.
>>>>>>>>
>>>>>>>> Cannot communicate securely with peer: no common encryption
>>>>>>>> algorithm(s).
>>>>>>>>
>>>>>>>> (Error code: ssl_error_no_cypher_overlap)
>>>>>>>>
>>>>>>>> The page you are trying to view cannot be shown because the
>>>>>>>> authenticity of the received data could not be verified.
>>>>>>>> Please contact the website owners to inform them of this problem.
>>>>>>>> Alternatively, use the command found in the help menu to report this
>>>>>>>> broken site.
>>>>>>>>
>>>>>>>> Could anyone please help me out to resolve this issue?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Amit
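
The earliest message in this thread shows three "Enter PEM pass phrase:" prompts, and the reply to it says Rocket does not support password-protected certificate files. The check below is an added example, not part of the original thread and not web2py code: it reads PEM headers to flag a passphrase-protected or misplaced file before it is passed to --ssl_certificate / --ssl_private_key. The function names and sample PEM text are constructed for illustration, and the check does not prove that the key belongs to the certificate.

```python
import re

# One PEM block: group 1 is the label, group 2 the body (headers + base64).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # PKCS#8 marks encryption in the label; the traditional OpenSSL
        # format marks it with a "Proc-Type: 4,ENCRYPTED" header line.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        found.append((label, encrypted))
    return found

def preflight(cert_pem, key_pem):
    """List problems that stop a server loading the pair unattended."""
    problems = []
    if not any(label == "CERTIFICATE" for label, _ in pem_blocks(cert_pem)):
        problems.append("certificate file holds no CERTIFICATE block")
    keys = [(label, enc) for label, enc in pem_blocks(key_pem)
            if label.endswith("PRIVATE KEY")]
    if not keys:
        problems.append("key file holds no private key block")
    elif any(enc for _, enc in keys):
        problems.append("private key is passphrase-protected")
    return problems

# Constructed samples: the base64 bodies are placeholders, not key material.
CERT = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"
LEGACY_ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
                  "Proc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
                  "QUJD\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC_KEY = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nQUJD\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, key in [("plain", PLAIN_KEY), ("legacy", LEGACY_ENC_KEY),
                      ("pkcs8", PKCS8_ENC_KEY), ("cert as key", CERT)]:
        print(name, preflight(CERT, key) or "ok")
```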