Thanks for your response Ales, I used the openssl command to generate the certificates which Niphold has suggested me but when i tried to deploy it to Rocket sever using below command :
*web2py.py --ssl_certificate=D:\certificates\server.crt --ssl_private_key=D:\certificates\server_key.key --ca-cert=D:\certificates\server.crt *It gives* * following warning on command prompt: *WARNING:web2py:unable to open SSL certificate. SSL is OFF *And below error on Mozilla Firefox browser:* * *SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) *Hope this will help you to understand the problem.* *Thanks, Amit* * On Mon, Nov 5, 2012 at 5:17 PM, LightDot <[email protected]> wrote: > One way I know of is the same Niphlod told you in his previous post - use > openssl to generate the certificate. He gave you the complete command > example, I don't know how to be clearer than that... > > http://www.openssl.org/related/binaries.html > > Regards, > Ales > > > > On Monday, November 5, 2012 12:40:28 PM UTC+1, Amit wrote: > >> I run the command to generate certificates: >> >> *web2py.py --ssl_certificate=D:\certificates\server.crt >> --ssl_private_key=D:\certificates\server_key.key >> --ca-cert=D:\certificates\server.crt* >> >> And when I run this, It gives warning message on command prompt: >> >> *WARNING:web2py:unable to open SSL certificate. SSL is OFF* >> >> and on browser it display following error message: >> >> *SSL received a record that exceeded the maximum permissible length. >> >> (Error code: ssl_error_rx_record_too_long)* >> >> >> So no idea, how to resolve this? >> >> Thanks, >> Amit >> >> >> >> On Mon, Nov 5, 2012 at 4:10 PM, Niphlod <[email protected]> wrote: >> >>> the usual >>> >>> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key >>> -out mysitename.crt >>> >>> works ok. >>> >>> Il giorno lunedì 5 novembre 2012 03:48:43 UTC+1, Amit ha scritto: >>>> >>>> Thanks Niphold for replying. How can I create server cetificate, CA >>>> certificate and client certificate without password? I am using simpatica >>>> application to create all these certificates on windows XP machine and this >>>> application doesn't allow to create certificates without password so if you >>>> know any other way to create these certificates without password on windows >>>> then please do share me. >>>> >>>> waiting for your response. >>>> >>>> Thanks, >>>> Amit >>>> >>>> On Fri, Nov 2, 2012 at 6:23 PM, Niphlod <[email protected]> wrote: >>>> >>>>> certs are supposed to be generated without passwords. Even in apache, >>>>> etc, if you protect them with a password it will be asked every time the >>>>> process is started, and web2py (rocket) doesn't support that. >>>>> >>>>> >>>>> On Friday, November 2, 2012 6:21:00 AM UTC+1, Amit wrote: >>>>>> >>>>>> Hi , >>>>>> >>>>>> I generated CA certificates, private key, server certificate and >>>>>> client certificate using “Simpatica” application developed in web2py. >>>>>> >>>>>> But when I tried to deploy the certificates to rocket server using >>>>>> below command on windows XP machine: >>>>>> >>>>>> >>>>>> >>>>>> D:\web2py2.1.1\web2py>web2py.**p****y --ssl_certificate=D:\** >>>>>> certifica****tes\server\cert.pe >>>>>> >>>>>> m --ssl_private_key=D:\**certifica****tes\private_key\**cacert.key >>>>>> --ca-cert=D:\certific >>>>>> >>>>>> ates\CA_certificate\cacrt.pem >>>>>> >>>>>> >>>>>> >>>>>> It starts web2py server dialog asking about password and after giving >>>>>> password, it displays below information on the command prompt: >>>>>> >>>>>> >>>>>> >>>>>> No handlers could be found for logger "web2py" >>>>>> >>>>>> web2py Web Framework >>>>>> >>>>>> Created by Massimo Di Pierro, Copyright 2007-2012 >>>>>> >>>>>> Version 2.1.1 (2012-10-15 12:44:40) stable >>>>>> >>>>>> Database drivers available: SQLite(sqlite3), MySQL(pymysql), >>>>>> PostgreSQL(pg8000), >>>>>> >>>>>> IMAP(imaplib) >>>>>> >>>>>> please visit: >>>>>> >>>>>> https://127.0.0.1:8000 >>>>>> >>>>>> starting browser... >>>>>> >>>>>> Enter PEM pass phrase: >>>>>> >>>>>> Enter PEM pass phrase: >>>>>> >>>>>> Enter PEM pass phrase: >>>>>> >>>>>> >>>>>> >>>>>> As per the sequence of certificates on command line, I gave password >>>>>> for e.g. for cert.pem(server certificate file) , I have given Server@123, >>>>>> and for cacert.key(CA private key) and cacert.pem(CA certificate) , I >>>>>> have >>>>>> given test123. >>>>>> >>>>>> NOTE: These passwords are used while generating the respective >>>>>> certificates means for generating cert.pem , I used Server@123 and >>>>>> so on. >>>>>> >>>>>> So on above scenario , I have given password Server@123,test123 and >>>>>> test123 on command prompt but it is giving following error on browser: >>>>>> >>>>>> >>>>>> >>>>>> *Secure Connection Failed >>>>>> >>>>>> An error occurred during a connection to 127.0.0.1:8000. >>>>>> >>>>>> Cannot communicate securely with peer: no common encryption >>>>>> algorithm(s). >>>>>> >>>>>> (Error code: ssl_error_no_cypher_overlap) >>>>>> >>>>>> The page you are trying to view cannot be shown because the >>>>>> authenticity of the received data could not be verified. >>>>>> Please contact the website owners to inform them of this problem. >>>>>> Alternatively, use the command found in the help menu to report this >>>>>> broken >>>>>> site.* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Could anyone please help me out to resolve this issue? >>>>>> >>>>>> >>>>>> >>>>>> Regards, >>>>>> >>>>>> Amit >>>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> >>>> >>>> -- >>> >>> >>> >>> >> >> -- > > > > --
