How to use the Comodo certificate in Web2py?


Tag: ssl,web2py

When using web2py, it asks for a single SSL certificate file.

But what I got from Comodo are two files, one .crt file and one .ca-bundle file.

I tried providing only the .crt file when setting up web2py, and at first it worked. But when I went to my website another day, it showed "This certificate cannot be verified up to a trusted certification authority."

My suspicion is that this is related to not using the .ca-bundle file. Does anyone know how to use both files in the web2py settings?


Finally got it working!

It turns out that the web2py 'One step production deployment' script is not complete. It leaves out the 'SSLCertificateChainFile' option when it configures the Apache server.

Adding this line:

SSLCertificateChainFile path_to_your_ca-bundle_file

below the line 'SSLCertificateKeyFile /etc/apache2/ssl/self_signed.key' will do the work.
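An added example, not part of the original answer: it builds a constructed root, intermediate and leaf hierarchy with openssl and checks the leaf with and without the intermediate, which is the difference between serving only the .crt and also serving the .ca-bundle to a client that does not already hold the intermediate. All subjects and file names (Example Root CA, www.example.test, site.crt, site.ca-bundle) are assumptions made up for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: every name, subject and file here is constructed for the demo.
set -eu

# Build a throwaway hierarchy in directory $1: root -> intermediate -> leaf.
make_chain() {
  local d; d=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' \
    '[dn]' 'CN=unused' '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ssl.cnf"
  # Root CA: stands in for the CA root that clients already trust.
  openssl req -x509 -config "$d/ssl.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj '/CN=Example Root CA' -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # Intermediate CA: stands in for the contents of the .ca-bundle file.
  openssl req -config "$d/ssl.cnf" -newkey rsa:2048 -nodes \
    -subj '/CN=Example Intermediate CA' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 1 -days 2 -extfile "$d/ssl.cnf" -extensions ca \
    -out "$d/site.ca-bundle" 2>/dev/null
  # Leaf: stands in for the .crt file issued for the site.
  openssl req -config "$d/ssl.cnf" -newkey rsa:2048 -nodes \
    -subj '/CN=www.example.test' \
    -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
  openssl x509 -req -in "$d/site.csr" -CA "$d/site.ca-bundle" -CAkey "$d/int.key" \
    -set_serial 2 -days 2 -out "$d/site.crt" 2>/dev/null
}

# Succeeds only if leaf $2 chains to trusted root $1, optionally helped by
# the intermediates in $3 (what the server sends alongside its leaf).
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_chain "$d"
  # Client view when Apache serves only the leaf certificate:
  chain_ok "$d/root.crt" "$d/site.crt" \
    && echo "leaf only: verifies" || echo "leaf only: chain incomplete"
  # Client view once SSLCertificateChainFile points at the bundle:
  chain_ok "$d/root.crt" "$d/site.crt" "$d/site.ca-bundle" \
    && echo "leaf + bundle: verifies" || echo "leaf + bundle: chain incomplete"
  rm -rf "$d"
}
demo
```

On Apache 2.4.8 and later, SSLCertificateChainFile is deprecated and the intermediates can instead be appended to the file named by SSLCertificateFile. To see which certificates a running server actually sends, `openssl s_client -connect host:443 -showcerts` prints the presented chain.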

