Hello~ Thanks for your fast reply. No, it doesn't ask for password, just a single line with "writing RSA kay", then mypha-nopasswd.key appeared. If my key is not in PEM Format, can openssl with simple commands to switch it to? Or I should re-do the self-signed process with some certain key-words / parameters? And what you mean about Python 2.x's SSL module doesn't support cert directories ? Can you be more specific about that ^^. Do you mean parameters with certfile and keyfile those two should put together or CA certificate need to be chained with other CA? Thanks. Kay
> To: python-list@python.org > From: li...@cheimes.de > Subject: Re: Localhost client-server simple ssl socket test program problems > Date: Thu, 15 Dec 2011 21:19:14 +0100 > > Am 15.12.2011 21:09, schrieb Yang Chun-Kai: > > Thanks for tips. > > > > But I dont understand one thing is if Python's SSL lib doesn't support > > encrypted private keys for sockets. > > > > Then why should we "encrypt" the private key with "openssl rsa -in > > /etc/home/ckyang/PHA/testsslsocket/mypha.key -out > > > > /etc/home/ckyang/PHA/testsslsocket/mypha-nopasswd.key" again? > > > > Shouldn't that be decrypted? > > > > And also this solution is not the right one , I use mypha-nopasswd.key > > replace the original one, still not work. > > IIRC the command should decrypt the key. Did it prompt for a password? > > The error could be caused by other issues. For example the key and cert > must be in PEM Format. The PKS#12 isn't supported. I'm not sure if > Python's builtin SSL module loads DER certs. > > You may also missing a valid CA cert chain. Python 2.x's SSL module > doesn't support cert directories so you have to provide a chain file. > The certs in the chain file must be in the right order, too. > > Christian > > -- > http://mail.python.org/mailman/listinfo/python-list
-- http://mail.python.org/mailman/listinfo/python-list
