too much certificates there for ssl. one key, one cert. ca-cert is used if you're willing to auth users through x509, but given that your understanding on certificates is basic I'd say you don't need it.
Il giorno martedì 6 novembre 2012 04:00:37 UTC+1, Amit ha scritto: > > Thanks for your response Ales, I used the openssl command to generate the > certificates which Niphold has suggested me but when i tried to deploy it > to Rocket sever using below command : > > *web2py.py --ssl_certificate=D:\certificates\server.crt > --ssl_private_key=D:\certificates\server_key.key > --ca-cert=D:\certificates\server.crt > > > *It gives* * following warning on command prompt: > > *WARNING:web2py:unable to open SSL certificate. SSL is OFF > > *And below error on Mozilla Firefox browser:* > * > *SSL received a record that exceeded the maximum permissible length. > > (Error code: ssl_error_rx_record_too_long) > > *Hope this will help you to understand the problem.* > > *Thanks, > Amit* > * > On Mon, Nov 5, 2012 at 5:17 PM, LightDot <ligh...@gmail.com > <javascript:>>wrote: > >> One way I know of is the same Niphlod told you in his previous post - use >> openssl to generate the certificate. He gave you the complete command >> example, I don't know how to be clearer than that... >> >> http://www.openssl.org/related/binaries.html >> >> Regards, >> Ales >> >> >> >> On Monday, November 5, 2012 12:40:28 PM UTC+1, Amit wrote: >> >>> I run the command to generate certificates: >>> >>> *web2py.py --ssl_certificate=D:\certificates\server.crt >>> --ssl_private_key=D:\certificates\server_key.key >>> --ca-cert=D:\certificates\server.crt* >>> >>> And when I run this, It gives warning message on command prompt: >>> >>> *WARNING:web2py:unable to open SSL certificate. SSL is OFF* >>> >>> and on browser it display following error message: >>> >>> *SSL received a record that exceeded the maximum permissible length. >>> >>> (Error code: ssl_error_rx_record_too_long)* >>> >>> >>> So no idea, how to resolve this? >>> >>> Thanks, >>> Amit >>> >>> >>> >>> On Mon, Nov 5, 2012 at 4:10 PM, Niphlod <nip...@gmail.com> wrote: >>> >>>> the usual >>>> >>>> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key >>>> -out mysitename.crt >>>> >>>> works ok. >>>> >>>> Il giorno lunedì 5 novembre 2012 03:48:43 UTC+1, Amit ha scritto: >>>>> >>>>> Thanks Niphold for replying. How can I create server cetificate, CA >>>>> certificate and client certificate without password? I am using simpatica >>>>> application to create all these certificates on windows XP machine and >>>>> this >>>>> application doesn't allow to create certificates without password so if >>>>> you >>>>> know any other way to create these certificates without password on >>>>> windows >>>>> then please do share me. >>>>> >>>>> waiting for your response. >>>>> >>>>> Thanks, >>>>> Amit >>>>> >>>>> On Fri, Nov 2, 2012 at 6:23 PM, Niphlod <nip...@gmail.com> wrote: >>>>> >>>>>> certs are supposed to be generated without passwords. Even in apache, >>>>>> etc, if you protect them with a password it will be asked every time the >>>>>> process is started, and web2py (rocket) doesn't support that. >>>>>> >>>>>> >>>>>> On Friday, November 2, 2012 6:21:00 AM UTC+1, Amit wrote: >>>>>>> >>>>>>> Hi , >>>>>>> >>>>>>> I generated CA certificates, private key, server certificate and >>>>>>> client certificate using “Simpatica” application developed in web2py. >>>>>>> >>>>>>> But when I tried to deploy the certificates to rocket server using >>>>>>> below command on windows XP machine: >>>>>>> >>>>>>> >>>>>>> >>>>>>> D:\web2py2.1.1\web2py>web2py.**p****y --ssl_certificate=D:\** >>>>>>> certifica****tes\server\cert.pe >>>>>>> >>>>>>> m --ssl_private_key=D:\**certifica****tes\private_key\**cacert.key >>>>>>> --ca-cert=D:\certific >>>>>>> >>>>>>> ates\CA_certificate\cacrt.pem >>>>>>> >>>>>>> >>>>>>> >>>>>>> It starts web2py server dialog asking about password and after >>>>>>> giving password, it displays below information on the command prompt: >>>>>>> >>>>>>> >>>>>>> >>>>>>> No handlers could be found for logger "web2py" >>>>>>> >>>>>>> web2py Web Framework >>>>>>> >>>>>>> Created by Massimo Di Pierro, Copyright 2007-2012 >>>>>>> >>>>>>> Version 2.1.1 (2012-10-15 12:44:40) stable >>>>>>> >>>>>>> Database drivers available: SQLite(sqlite3), MySQL(pymysql), >>>>>>> PostgreSQL(pg8000), >>>>>>> >>>>>>> IMAP(imaplib) >>>>>>> >>>>>>> please visit: >>>>>>> >>>>>>> https://127.0.0.1:8000 >>>>>>> >>>>>>> starting browser... >>>>>>> >>>>>>> Enter PEM pass phrase: >>>>>>> >>>>>>> Enter PEM pass phrase: >>>>>>> >>>>>>> Enter PEM pass phrase: >>>>>>> >>>>>>> >>>>>>> >>>>>>> As per the sequence of certificates on command line, I gave password >>>>>>> for e.g. for cert.pem(server certificate file) , I have given >>>>>>> Server@123, >>>>>>> and for cacert.key(CA private key) and cacert.pem(CA certificate) , I >>>>>>> have >>>>>>> given test123. >>>>>>> >>>>>>> NOTE: These passwords are used while generating the respective >>>>>>> certificates means for generating cert.pem , I used Server@123 and so >>>>>>> on. >>>>>>> >>>>>>> So on above scenario , I have given password Server@123,test123 and >>>>>>> test123 on command prompt but it is giving following error on browser: >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Secure Connection Failed >>>>>>> >>>>>>> An error occurred during a connection to 127.0.0.1:8000. >>>>>>> >>>>>>> Cannot communicate securely with peer: no common encryption >>>>>>> algorithm(s). >>>>>>> >>>>>>> (Error code: ssl_error_no_cypher_overlap) >>>>>>> >>>>>>> The page you are trying to view cannot be shown because the >>>>>>> authenticity of the received data could not be verified. >>>>>>> Please contact the website owners to inform them of this problem. >>>>>>> Alternatively, use the command found in the help menu to report this >>>>>>> broken >>>>>>> site.* >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Could anyone please help me out to resolve this issue? >>>>>>> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Amit >>>>>>> >>>>>> -- >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>> >>>> >>>> >>>> >>> >>> -- >> >> >> >> > > --
