I freely admit that I don't understand how https, SSL, and public key infrastructure works. It doesn't seem like it should be hard to use but whenever I try, things don't work.
For instance, I wanted to access the admin interface for my web2py application on a remote host. My thought was that I don't need to buy an SSL certificate because I trust myself, for the most part. The web2py command line allows the user to specify an SSL certificate (-c) and a private key (-k). I figured one of these would work. So I made a self-signed certificate according to some instructions I found online:

    openssl genrsa -des3 -out server.key 1024        # server.key is a private key
    openssl req -new -key server.key -out server.csr # server.csr is a certificate signing request
    cp server.key server.key.org                     # save off the server key
    openssl rsa -in server.key.org -out server.key   # create a derivative key that doesn't need a passphrase
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt   # create the self-signed certificate, server.crt

Then I used the certificate to start the rocket server:

    python web2py.py -p 8001 -a '<recycle>' -c server.crt

But when I tried to access the page:

    https://127.0.0.1:8001

I get a browser error:

    Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Since I don't know what I'm doing, I tried some experiments:

    python web2py.py -p 8001 -a '<recycle>' -k server.key

and

    python web2py.py -p 8001 -a '<recycle>' -c server.crt -k server.key

all to no avail. Thinking that maybe the browser (Chrome) doesn't know to trust the certificate, I went to the preferences window -> https/ssl -> manage certificates..., which launches Keychain Access on my Macintosh. I tried to import the new self-signed certificate into Keychain Access so that I could mark it as trusted, but I got an error (the not very helpful "An error has occurred. Unable to import an item." with nothing logged in the console). So I tried it the other way. I created a certificate in Keychain Access, marked it trusted for SSL and then exported it. I used the certificate to start the browser:

    python web2py.py -p 8001 -a '<recycle>' -c new.crt

Again failure. So what am I doing wrong?
As a bonus question, is there a place to go learn about these issues? I've looked around and I can't find either a website or a book that can explain to me how SSL, CAs, and PKI works. The information must be out there, maybe even in a gentle, understandable form.
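The following is an added example, not part of the question and not web2py's own code, that walks through the same self-signed setup end to end with Python's standard `ssl` module: it generates a key and certificate with one `openssl` call, shows that a server context needs both the certificate and the private key, and shows that a client with browser-like defaults rejects the certificate until it is explicitly added to its trust store. It assumes an `openssl` binary (1.1.1 or later, for `-addext`) on PATH and a free loopback port; the file names, the `localhost` CN and the banner text are made up for the demonstration, and the behaviour shown is that of Python's `ssl`, not of web2py's rocket server.

```python
"""Self-signed certificates end to end: generate one, serve it, and show why a
client (or browser) rejects it until the certificate is explicitly trusted.
Added example; not from the original post or from web2py. Assumes an `openssl`
binary on PATH and a free loopback port; file names and the banner are made up."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed(directory, cn="localhost", days=1):
    """One openssl call that does the post's genrsa/req/x509 steps at once:
    an unencrypted 2048-bit RSA key (-nodes, so no passphrase) plus a certificate
    signed by that same key. A SAN is added because modern clients match the
    hostname against the SAN rather than the CN."""
    key = os.path.join(directory, "server.key")
    crt = os.path.join(directory, "server.crt")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
         "-keyout", key, "-out", crt, "-days", str(days),
         "-subj", f"/CN={cn}", "-addext", f"subjectAltName=DNS:{cn}"],
        check=True, capture_output=True,
    )
    return key, crt


def cert_only_is_usable(certfile):
    """A server context needs the private key too; a certificate alone
    (the post's `-c server.crt` without `-k`) cannot complete a handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile)  # key is assumed to be inside certfile; it is not
        return True
    except ssl.SSLError:
        return False


def run_server(certfile, keyfile, n_clients):
    """Serve n_clients TLS connections on an ephemeral loopback port in a thread."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)  # both halves: certificate AND key
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    listener.settimeout(10)
    port = listener.getsockname()[1]

    def loop():
        for _ in range(n_clients):
            conn, _ = listener.accept()
            try:
                # wrap_socket runs the handshake; an untrusting client aborts it
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.sendall(b"hello over TLS")
            except OSError:
                pass  # handshake refused by the peer; nothing to do server-side
            finally:
                conn.close()
        listener.close()

    t = threading.Thread(target=loop, daemon=True)
    t.start()
    return port, t


def client_connect(port, cafile=None):
    """Connect the way a browser would. Without cafile only the system CA store
    is trusted, so the self-signed cert fails verification; with cafile=server.crt
    the certificate is trusted and the handshake completes."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                return "ok:" + tls.recv(64).decode()
    except ssl.SSLCertVerificationError:
        return "CERTIFICATE_VERIFY_FAILED"


def demo():
    """Returns (result without trust, result with trust, cert-only usable?)."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = make_self_signed(d)
        port, t = run_server(crt, key, n_clients=2)
        untrusted = client_connect(port)            # like Chrome before the import
        trusted = client_connect(port, cafile=crt)  # like Chrome after marking it trusted
        t.join(15)
        return untrusted, trusted, cert_only_is_usable(crt)


if __name__ == "__main__":
    print(demo())  # ('CERTIFICATE_VERIFY_FAILED', 'ok:hello over TLS', False)
```

The two client calls are the whole story of the question in miniature: the server is correct only once it has the certificate and the matching private key, and a client that has not been told to trust the self-signed certificate fails verification no matter what the server does. The verification failure here is the Python equivalent of the browser refusing the page; passing the certificate as `cafile` is the equivalent of importing it into the keychain and marking it trusted.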