You are right Niphlod, I am able to deploy the certificate and start the
web server without using the --ca-cert option, but I have to use X509
authentication, and for that I have written the code below:

*db.py :*
from gluon.contrib.login_methods.x509_auth import X509Auth
auth.settings.actions_disabled=['register','change_password',
                                    'request_reset_password','profile']
auth.settings.login_form = X509Auth()

*default.py:*
@auth.requires_login()
def index():
    response.flash = T("Welcome to web2py!")
    return dict(message=T('Hello World'))

And when I call the application's index function through the browser, it
gives an error saying *"Login not allowed. No valid x509 crentials"*



On Tue, Nov 6, 2012 at 2:43 PM, Niphlod <niph...@gmail.com> wrote:

> too many certificates there for ssl. one key, one cert.
> ca-cert is used if you're willing to auth users through x509, but given
> that your understanding of certificates is basic I'd say you don't need it.
>
> On Tuesday, 6 November 2012 04:00:37 UTC+1, Amit wrote:
>>
>> Thanks for your response Ales, I used the openssl command that Niphlod
>> suggested to generate the certificates, but when I tried to deploy them
>> to the Rocket server using the command below:
>>
>> web2py.py --ssl_certificate=D:\certificates\server.crt
>> --ssl_private_key=D:\certificates\server_key.key
>> --ca-cert=D:\certificates\server.crt
>>
>> it gives the following warning on the command prompt:
>>
>> WARNING:web2py:unable to open SSL certificate. SSL is OFF
>>
>> and the error below in the Mozilla Firefox browser:
>>
>> SSL received a record that exceeded the maximum permissible length.
>>
>> (Error code: ssl_error_rx_record_too_long)
>>
>> Hope this will help you to understand the problem.
>>
>> Thanks,
>> Amit
>>
>> On Mon, Nov 5, 2012 at 5:17 PM, LightDot <ligh...@gmail.com> wrote:
>>
>>> One way I know of is the same Niphlod told you in his previous post -
>>> use openssl to generate the certificate. He gave you the complete command
>>> example, I don't know how to be clearer than that...
>>>
>>> http://www.openssl.org/related/binaries.html
>>>
>>> Regards,
>>> Ales
>>>
>>>
>>>
>>> On Monday, November 5, 2012 12:40:28 PM UTC+1, Amit wrote:
>>>
>>>> I run the command to generate certificates:
>>>>
>>>> *web2py.py --ssl_certificate=D:\certificates\server.crt
>>>> --ssl_private_key=D:\certificates\server_key.key
>>>> --ca-cert=D:\certificates\server.crt*
>>>>
>>>> And when I run this, it gives a warning message on the command prompt:
>>>>
>>>> *WARNING:web2py:unable to open SSL certificate. SSL is OFF*
>>>>
>>>> and the browser displays the following error message:
>>>>
>>>> *SSL received a record that exceeded the maximum permissible length.
>>>>
>>>> (Error code: ssl_error_rx_record_too_long)*
>>>>
>>>>
>>>> So no idea, how to resolve this?
>>>>
>>>> Thanks,
>>>> Amit
>>>>
>>>>
>>>>
>>>> On Mon, Nov 5, 2012 at 4:10 PM, Niphlod <nip...@gmail.com> wrote:
>>>>
>>>>> the usual
>>>>>
>>>>> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
>>>>>
>>>>> works ok.
>>>>>
>>>>> On Monday, 5 November 2012 03:48:43 UTC+1, Amit wrote:
>>>>>>
>>>>>> Thanks Niphlod for replying. How can I create a server certificate, CA
>>>>>> certificate and client certificate without a password? I am using the
>>>>>> simpatica application to create all these certificates on a Windows XP
>>>>>> machine, and this application doesn't allow creating certificates
>>>>>> without a password, so if you know any other way to create these
>>>>>> certificates without a password on Windows then please do share it
>>>>>> with me.
>>>>>>
>>>>>> waiting for your response.
>>>>>>
>>>>>> Thanks,
>>>>>> Amit
>>>>>>
>>>>>> On Fri, Nov 2, 2012 at 6:23 PM, Niphlod <nip...@gmail.com> wrote:
>>>>>>
>>>>>>> certs are supposed to be generated without passwords. Even in
>>>>>>> apache, etc, if you protect them with a password it will be asked every
>>>>>>> time the process is started, and web2py (rocket) doesn't support that.
>>>>>>>
>>>>>>>
>>>>>>> On Friday, November 2, 2012 6:21:00 AM UTC+1, Amit wrote:
>>>>>>>>
>>>>>>>> Hi ,
>>>>>>>>
>>>>>>>> I generated CA certificates, private key, server certificate and
>>>>>>>> client certificate using “Simpatica” application developed in web2py.
>>>>>>>>
>>>>>>>> But when I tried to deploy the certificates to rocket server using
>>>>>>>> below command on windows XP machine:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> D:\web2py2.1.1\web2py>web2py.py --ssl_certificate=D:\certificates\server\cert.pem --ssl_private_key=D:\certificates\private_key\cacert.key --ca-cert=D:\certificates\CA_certificate\cacrt.pem
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> It starts web2py server dialog asking about password and after
>>>>>>>> giving password, it displays below information on the command prompt:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> No handlers could be found for logger "web2py"
>>>>>>>>
>>>>>>>> web2py Web Framework
>>>>>>>>
>>>>>>>> Created by Massimo Di Pierro, Copyright 2007-2012
>>>>>>>>
>>>>>>>> Version 2.1.1 (2012-10-15 12:44:40) stable
>>>>>>>>
>>>>>>>> Database drivers available: SQLite(sqlite3), MySQL(pymysql),
>>>>>>>> PostgreSQL(pg8000),
>>>>>>>>
>>>>>>>>  IMAP(imaplib)
>>>>>>>>
>>>>>>>> please visit:
>>>>>>>>
>>>>>>>>         https://127.0.0.1:8000
>>>>>>>>
>>>>>>>> starting browser...
>>>>>>>>
>>>>>>>> Enter PEM pass phrase:
>>>>>>>>
>>>>>>>> Enter PEM pass phrase:
>>>>>>>>
>>>>>>>> Enter PEM pass phrase:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> As per the sequence of certificates on command line, I gave
>>>>>>>> password for e.g. for cert.pem(server certificate file) , I have given
>>>>>>>> Server@123, and for cacert.key(CA private key) and cacert.pem(CA
>>>>>>>> certificate) , I have given test123.
>>>>>>>>
>>>>>>>> NOTE: These passwords are used while generating the respective
>>>>>>>> certificates means for generating cert.pem , I used Server@123 and
>>>>>>>> so on.
>>>>>>>>
>>>>>>>> So in the above scenario, I gave the passwords Server@123, test123
>>>>>>>> and test123 on the command prompt, but it gives the following error
>>>>>>>> in the browser:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Secure Connection Failed
>>>>>>>>
>>>>>>>> An error occurred during a connection to 127.0.0.1:8000.
>>>>>>>>
>>>>>>>> Cannot communicate securely with peer: no common encryption
>>>>>>>> algorithm(s).
>>>>>>>>
>>>>>>>> (Error code: ssl_error_no_cypher_overlap)
>>>>>>>>
>>>>>>>> The page you are trying to view cannot be shown because the
>>>>>>>> authenticity of the received data could not be verified.
>>>>>>>> Please contact the website owners to inform them of this problem.
>>>>>>>> Alternatively, use the command found in the help menu to report this
>>>>>>>> broken site.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Could anyone please help me out to resolve this issue?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Amit
>>>>>>>>

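Added example, not part of the original thread: the thread notes that Rocket cannot use passphrase-protected keys, and the first start-up attempt prompted "Enter PEM pass phrase" three times. The sketch below checks the files given to `--ssl_certificate`, `--ssl_private_key` and `--ca-cert` before starting web2py. The function names `inspect_pem` and `preflight` are hypothetical, and the sample PEM texts are constructed placeholders (real header syntax, dummy bodies).

```python
import os
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_pem(text):
    """Return [(label, encrypted)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # PKCS#8 flags encryption in the label; the traditional OpenSSL key
        # format flags it with a "Proc-Type: 4,ENCRYPTED" header line.
        legacy = re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED", body, re.M)
        found.append((label, label == "ENCRYPTED PRIVATE KEY" or legacy is not None))
    return found

def preflight(cert_path, key_path, ca_path=None):
    """Return a list of problems; an empty list means the files look usable."""
    checks = [("--ssl_certificate", cert_path, "CERTIFICATE"),
              ("--ssl_private_key", key_path, "PRIVATE KEY")]
    if ca_path:
        checks.append(("--ca-cert", ca_path, "CERTIFICATE"))
    problems = []
    for option, path, kind in checks:
        if not os.path.isfile(path):
            problems.append("%s: no such file: %s" % (option, path))
            continue
        with open(path, errors="replace") as fh:
            blocks = [b for b in inspect_pem(fh.read()) if b[0].endswith(kind)]
        if not blocks:
            problems.append("%s: no %s block in %s" % (option, kind, path))
        elif any(encrypted for _, encrypted in blocks):
            problems.append("%s: %s is passphrase-protected" % (option, path))
    return problems

# Constructed samples: headers are real PEM syntax, bodies are placeholders.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
SAMPLE_PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
SAMPLE_LEGACY_ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
                         "Proc-Type: 4,ENCRYPTED\n"
                         "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                         "-----END RSA PRIVATE KEY-----\n")
SAMPLE_PKCS8_ENC_KEY = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                        "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_CERT", "SAMPLE_PLAIN_KEY", "SAMPLE_LEGACY_ENC_KEY", "SAMPLE_PKCS8_ENC_KEY"):
        print(name, inspect_pem(globals()[name]))
```

The check only reads PEM headers; it does not confirm that the private key belongs to the certificate or that a client certificate chains to the CA.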