Thanks for your help, Anthony. I pulled out the openssl commands and
made a private key and an ssl certificate, but I couldn't get them to
work with the rocket server. In fact, when I started up the server, it
wouldn't serve any pages at all.

I used this command:

  nohup sudo python web2py.py -a '<recycle>' -i 0.0.0.0 -p 80 -c self_signed.cert -k self_signed.key

So I just ran the ubuntu+apache+web2py script and let apache serve my
web app. It was painless, and it's probably a better approach for my
purposes than using rocket.

But still, I wish I knew the answer. There are times when it is easier
to run the development server and it would be better to be able to
test using both http and https. Am I mis-using the command line
arguments? For instance, looking at my command line, I am wondering
how to tell the server to respond on both port 80 and 423? Or perhaps
this is a web2py bug and it isn't able to serve up https.


On Mar 1, 8:09 pm, Anthony <abasta...@gmail.com> wrote:
> There are scripts for setting up web2py on Ubuntu with Apache
> (http://code.google.com/p/web2py/source/browse/scripts/setup-web2py-ub...)
> and Nginx/uwsgi
> (http://code.google.com/p/web2py/source/browse/scripts/setup-web2py-ng...),
> both of which include commands for creating a self-signed certificate using
> OpenSSL -- perhaps you can look at them for some guidance.
>
> Anthony
>
> On Thursday, March 1, 2012 8:48:08 PM UTC-5, David Phillips wrote:
>
> > I freely admit that I don't understand how https, SSL, and public key
> > infrastructure works. It doesn't seem like it should be hard to use
> > but whenever I try, things don't work.
>
> > For instance, I wanted to access the admin interface for my web2py
> > application on a remote host. My thought was that I don't need to buy
> > an SSL certificate because I trust myself, for the most part. The
> > web2py command line allows the user to specify an SSL certificate (-c)
> > and a private key (-k). I figured one of these would work.
>
> > So I made a self-signed certificate according to some instructions I
> > found online:
>
> > openssl genrsa -des3 -out server.key 1024
> >         server.key is a private key
> > openssl req -new -key server.key -out server.csr
> >         server.csr is a certificate signing request
> > cp server.key server.key.org
> >         save off the server key
> > openssl rsa -in server.key.org -out server.key
> >         create a derivative key that doesn't need a passphrase
> > openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
> >         create the self-signed certificate, server.crt
>
> > Then I used the certificate to start the rocket server:
> >         python web2py.py  -p 8001 -a '<recycle>' -c server.crt
>
> > But when I tried to access the page:
> >        https://127.0.0.1:8001
> > I get a browser error:
> >         Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
>
> > Since I don't know what I'm doing, I tried some experiments:
> >         python web2py.py  -p 8001 -a '<recycle>' -k server.key
>
> > and
>
> >         python web2py.py  -p 8001 -a '<recycle>' -c server.crt -k
> > server.key
>
> > all to no avail.
>
> > Thinking that maybe the browser (Chrome) doesn't know to trust the
> > certificate, I went to the preferences window -> https/ssl -> manage
> > certificates... which launches Keychain Access on my Macintosh. I
> > tried to import the new self-signed certificate into Keychain Access
> > so that I could mark it as trusted but I got an error (the not very
> > helpful: "an error has occurred. Unable to import an item." with
> > nothing logged in the console)
>
> > So I tried it the other way. I created a certificate in Keychain
> > access, marked it trusted for SSL and then exported it. I used the
> > certificate to start the browser:
>
> >         python web2py.py  -p 8001 -a '<recycle>' -c new.crt
>
> > Again failure.
>
> > So what am I doing wrong?
>
> > As a bonus question, is there a place to go learn about these issues?
> > I've looked around and I can't find either a website or a book that
> > can explain to me how SSL, CAs, and PKI works. The information must be
> > out there, maybe even in a gentle, understandable form.
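The openssl sequence and the -c/-k flags discussed in this thread, as an added example that is not part of the thread: a POSIX shell helper that creates the key and certificate in a single openssl step and then checks the pair before it is handed to the server, so that a server.crt that was never written, or a private key passed where the certificate is expected, is caught before startup rather than showing up as a bare SSL protocol error in the browser. The openssl CLI is assumed to be installed; the file names, the CN and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): make a self-signed cert and key in
# one step, then check the pair before pointing web2py's -c/-k at it.
# Assumes the openssl CLI is installed; file names and the CN are mine.
set -eu

# make_self_signed DIR CN  -> writes DIR/server.key and DIR/server.crt
make_self_signed() {
    dir=$1; cn=$2
    # -x509 signs the request with its own key, so no separate CSR or
    # second "openssl rsa" step is needed; -nodes skips the passphrase.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/server.key" -out "$dir/server.crt" \
        -subj "/CN=$cn" >/dev/null 2>&1
    chmod 600 "$dir/server.key"   # the key is the secret; the cert is not
}

# check_pair CERT KEY -> 0 if CERT is a self-signed certificate whose
# public key matches KEY; non-zero (with a reason on stderr) otherwise
check_pair() {
    cert=$1; key=$2
    [ -s "$cert" ] || { echo "missing cert: $cert" >&2; return 1; }
    [ -s "$key" ]  || { echo "missing key: $key" >&2; return 1; }
    # A PEM private key handed to -c by mistake fails this parse.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 \
        || { echo "$cert is not an X.509 certificate" >&2; return 1; }
    # The RSA modulus must be identical in the cert and the key.
    cm=$(openssl x509 -in "$cert" -noout -modulus)
    km=$(openssl rsa  -in "$key"  -noout -modulus 2>/dev/null || true)
    [ "$cm" = "$km" ] || { echo "cert/key modulus mismatch" >&2; return 1; }
    # Self-signed: the cert must verify with itself as the only trust anchor.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 \
        || { echo "$cert does not verify against itself" >&2; return 1; }
}
```

Once check_pair passes, the same two files are what -c (certificate) and -k (key) expect; either file on its own is not enough for an https listener.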
