I want to use Let's Encrypt on my Twisted server, but on the latest Chrome for Android I get:
the identity of this website has not been verified
I get a similar message on the latest Firefox for Ubuntu.
My SSL report from ssllabs.com:
This server's certificate chain is incomplete. Grade capped to B.
My relevant code:
from OpenSSL import crypto
from twisted.internet import ssl
privkey=open('/etc/letsencrypt/live/mindolia.com/privkey.pem', 'rt').read()
certif=open('/etc/letsencrypt/live/mindolia.com/fullchain.pem', 'rt').read()
privkeypyssl=crypto.load_privatekey(crypto.FILETYPE_PEM,privkey)
certifpyssl=crypto.load_certificate(crypto.FILETYPE_PEM,certif)
contextFactory=ssl.CertificateOptions(privateKey=privkeypyssl, certificate=certifpyssl)
Answer 0 (score: 1)
The easiest way to create a CertificateOptions that includes the chain certificates is to use the pem library, like this:
from pem.twisted import certificateOptionsFromFiles
contextFactory = certificateOptionsFromFiles(
'/etc/letsencrypt/live/mindolia.com/privkey.pem',
'/etc/letsencrypt/live/mindolia.com/fullchain.pem')
Also, for direct Let's Encrypt integration with Twisted, you can use txacme, provided your Twisted application runs on port 443 (or has port 443 forwarded to it).
Answer 1 (score: 0)
from OpenSSL import crypto
from twisted.internet import ssl
privkey=open('/etc/letsencrypt/live/mindolia.com/privkey.pem', 'rt').read()
certif=open('/etc/letsencrypt/live/mindolia.com/cert.pem', 'rt').read()
chain=open('/etc/letsencrypt/live/mindolia.com/chain.pem', 'rt').read()
privkeypyssl=crypto.load_privatekey(crypto.FILETYPE_PEM,privkey)
certifpyssl=crypto.load_certificate(crypto.FILETYPE_PEM,certif)
chainpyssl=[crypto.load_certificate(crypto.FILETYPE_PEM,chain)]
contextFactory=ssl.CertificateOptions(privateKey=privkeypyssl,certificate=certifpyssl,extraCertChain=chainpyssl)
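Added example, not part of the question or either answer: `crypto.load_certificate` parses only the first PEM block it is given, so the intermediates in `fullchain.pem` never reach `CertificateOptions` in the question's code. The sketch below splits a bundle into the leaf and every chain certificate (it also covers a chain with more than one intermediate); `split_fullchain`, `certificate_options` and the sample bundle are hypothetical names and constructed data.

```python
import re

# Matches one PEM certificate block, including its BEGIN/END armor lines.
_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s.+?\s-----END CERTIFICATE-----", re.DOTALL)


def split_fullchain(pem_text):
    """Return (leaf_pem, [chain_pem, ...]) from a fullchain-style bundle.

    The first block is the server (leaf) certificate; every later block
    is a chain certificate the server must also send to clients.
    """
    blocks = _CERT_RE.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate blocks found")
    return blocks[0], blocks[1:]


def certificate_options(privkey_path, fullchain_path):
    """Build CertificateOptions that sends the leaf plus all chain certs."""
    # Imported lazily so split_fullchain() is usable without Twisted/pyOpenSSL.
    from OpenSSL import crypto
    from twisted.internet import ssl

    with open(privkey_path, "rt") as f:
        key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
    with open(fullchain_path, "rt") as f:
        leaf_pem, chain_pems = split_fullchain(f.read())
    if not chain_pems:
        # Serving only the leaf is what produces the "chain incomplete" report.
        raise ValueError("bundle contains only a leaf certificate")

    def load(pem):
        return crypto.load_certificate(crypto.FILETYPE_PEM, pem)

    return ssl.CertificateOptions(
        privateKey=key,
        certificate=load(leaf_pem),
        extraCertChain=[load(p) for p in chain_pems])


def _fake_block(body):
    # Constructed placeholder, not a real certificate: only the armor matters.
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----" % body


# Constructed sample: one leaf followed by two chain certificates.
SAMPLE_BUNDLE = "\n".join(
    _fake_block(b) for b in ("TEVBRg==", "SU5UMQ==", "SU5UMg==")) + "\n"
```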