Mailing List Archive: Python: Python

Secure XMLRPC Server / PEM Files

Index | Next | Previous | View Threaded

dcrespo at gmail

Sep 11, 2006, 12:01 PM

Post #1 of 8 (404 views)
Permalink

Secure XMLRPC Server / PEM Files

Hello everybody,

I'm trying to implement a secure xmlrpc server with basis on
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496786 recipe.
The thing that I'm concerned about is how can I get/create rapidly the
.pem files (the key and cert).

Any help?

Thanks

Daniel

--
http://mail.python.org/mailman/listinfo/python-list

gandalf at designaproduct

Sep 11, 2006, 12:13 PM

Post #2 of 8 (382 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

Daniel Crespo írta:
> Hello everybody,
>
> I'm trying to implement a secure xmlrpc server with basis on
> http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496786 recipe.
> The thing that I'm concerned about is how can I get/create rapidly the
> .pem files (the key and cert).
>
> Any help?
>
Hello,

If you have OpenSSL installed, you can do the following:

1. Create a new directory and place the two attached files in it
(openssl.cnf and generate.sh)
2. Run "chmod +x gen_cert.sh ; ./gen_cert.sh yourdomain.com"
3. Answer to the questions. Be sure that your common name is your domain
name.

Then you will find PEM and DER formatted files. You should use the
unencrypted key.pem and cert.pem files.

Let me know if you have any problem.

Best,

Laszlo

Attachments:

openssl.cnf (2.79 KB)

generate.sh (0.39 KB)

gandalf at designaproduct

Sep 11, 2006, 12:16 PM

Post #3 of 8 (392 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

>
>
> If you have OpenSSL installed, you can do the following:
>
> 1. Create a new directory and place the two attached files in it
> (openssl.cnf and generate.sh)
> 2. Run "chmod +x gen_cert.sh ; ./gen_cert.sh yourdomain.com"
I meant generate.sh instead of gen_cert.sh.

Under windows it won't work. But you can easily convert generate.sh into
generate.bat. :-)

Laszlo

--
http://mail.python.org/mailman/listinfo/python-list

dcrespo at gmail

Sep 11, 2006, 1:19 PM

Post #4 of 8 (388 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

Laszlo Nagy wrote:
> >
> >
> > If you have OpenSSL installed, you can do the following:
> >
> > 1. Create a new directory and place the two attached files in it
> > (openssl.cnf and generate.sh)
> > 2. Run "chmod +x gen_cert.sh ; ./gen_cert.sh yourdomain.com"
> I meant generate.sh instead of gen_cert.sh.
>
> Under windows it won't work. But you can easily convert generate.sh into
> generate.bat. :-)
>
> Laszlo

I'm on Windows...
I'm also trying to get OpenSSL installed, but I need compilers and all
that stuff. Before getting involved in that, do you know of a faster
way to have it installed?

Thanks

Daniel

--
http://mail.python.org/mailman/listinfo/python-list

gandalf at designaproduct

Sep 11, 2006, 1:36 PM

Post #5 of 8 (381 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

Daniel Crespo írta:
> Laszlo Nagy wrote:
>
>>> If you have OpenSSL installed, you can do the following:
>>>
>>> 1. Create a new directory and place the two attached files in it
>>> (openssl.cnf and generate.sh)
>>> 2. Run "chmod +x gen_cert.sh ; ./gen_cert.sh yourdomain.com"
>>>
>> I meant generate.sh instead of gen_cert.sh.
>>
>> Under windows it won't work. But you can easily convert generate.sh into
>> generate.bat. :-)
>>
>> Laszlo
>>
>
> I'm on Windows...
> I'm also trying to get OpenSSL installed, but I need compilers and all
> that stuff. Before getting involved in that, do you know of a faster
> way to have it installed?
>
Yes. Read the recipe once more. Especially, the first document string in
that program. ;-)

"""For windows users: http://webcleaner.sourceforge.net/pyOpenSSL-0.6.win32-py2.4.exe"""

(You will also need the openssl binaries for windows, but they are very easy to find.)

Laszlo

--
http://mail.python.org/mailman/listinfo/python-list

dcrespo at gmail

Sep 11, 2006, 4:23 PM

Post #6 of 8 (380 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

Hi Laszlo,

I have read that. It's the wrapper for the usage of OpenSSL, so I have
to install it. I have downloaded the Borland C++ compiler, and I'm
doing so right now, but I'm not getting good results yet.

I tried to import OpenSSL, it seems to work.

Now, I want to try the code I submited earlier, but I need the .pem
files. You told me to change generate.sh to generate.bat. How can I do
that?

Many thanks,

Daniel

Laszlo Nagy wrote:
> Daniel Crespo írta:
> > Laszlo Nagy wrote:
> >
> >>> If you have OpenSSL installed, you can do the following:
> >>>
> >>> 1. Create a new directory and place the two attached files in it
> >>> (openssl.cnf and generate.sh)
> >>> 2. Run "chmod +x gen_cert.sh ; ./gen_cert.sh yourdomain.com"
> >>>
> >> I meant generate.sh instead of gen_cert.sh.
> >>
> >> Under windows it won't work. But you can easily convert generate.sh into
> >> generate.bat. :-)
> >>
> >> Laszlo
> >>
> >
> > I'm on Windows...
> > I'm also trying to get OpenSSL installed, but I need compilers and all
> > that stuff. Before getting involved in that, do you know of a faster
> > way to have it installed?
> >
> Yes. Read the recipe once more. Especially, the first document string in
> that program. ;-)
>
> """For windows users: http://webcleaner.sourceforge.net/pyOpenSSL-0.6.win32-py2.4.exe"""
>
> (You will also need the openssl binaries for windows, but they are very easy to find.)
>
>
> Laszlo

--
http://mail.python.org/mailman/listinfo/python-list

gandalf at designaproduct

Sep 12, 2006, 7:05 AM

Post #7 of 8 (379 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

Daniel Crespo írta:
> Hi Laszlo,
>
> I have read that. It's the wrapper for the usage of OpenSSL, so I have
> to install it. I have downloaded the Borland C++ compiler, and I'm
> doing so right now, but I'm not getting good results yet.
>
You do not need any compiler. You just need to install the openssl
binaries and the wrapper.
> I tried to import OpenSSL, it seems to work.
>
Great.
> Now, I want to try the code I submited earlier, but I need the .pem
> files. You told me to change generate.sh to generate.bat. How can I do
> that?
>

Basically, use "del" instead of "rm" and use "move" instead of "mv". Use
<yourdomain.com> instead of $1. Moreover, openssl.exe must be on your
path. That's all.

Try this (untested):

openssl req -config openssl.cnf -new -out my-server.csr
openssl rsa -in privkey.pem -out my-server.key
openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 1500
openssl x509 -in my-server.cert -out my-server.der.crt -outform DER

move my-server.csr yourdomain.com.csr
move my-server.cert yourdomain.com.cert.pem
move my-server.key yourdomain.com.key.pem
move my-server.der.crt yourdomain.com.der.crt

del privkey.pem

Laszlo

--
http://mail.python.org/mailman/listinfo/python-list

dcrespo at gmail

Sep 12, 2006, 1:41 PM

Post #8 of 8 (376 views)
Permalink

Re: Secure XMLRPC Server / PEM Files [In reply to]

Hi Laszlo,

> Try this (untested):
>
> openssl req -config openssl.cnf -new -out my-server.csr
> openssl rsa -in privkey.pem -out my-server.key

Here's what I tried:

C:\OpenSSL\bin>openssl req -config openssl.cnf -new -out my-server.csr
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.............++++++
..........................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase: PASSWORD
Verifying - Enter PEM pass phrase: PASSWORD
-----
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:DF
Locality Name (eg, city) []:CITY
Organization Name (eg, company) [Internet Widgits Pty Ltd]:COMPANY
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:PASSWORD
An optional company name []:COMPANY

C:\OpenSSL\bin>openssl rsa -in privkey.pem -out my-server.key
Enter pass phrase for privkey.pem: PASSWORD
unable to load Private Key
3688:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:.\
crypto\evp\evp_enc.c:461:
3688:error:0906A065:PEM routines:PEM_do_header:bad
decrypt:.\crypto\pem\pem_lib.
c:425:

Any help?

Thanks in advance

Daniel

--
http://mail.python.org/mailman/listinfo/python-list

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com