Library: sslcerts

sslcerts
Commonly Used: No
Status: Active

Summary
Generate signed SSL certs for modules needing to host a TLS (SSL) secure service.

Introduction

Using the _sslcerts_ hook from the SSL Certificate library allows modules to request SSL certificates publicly signed by Let's Encrypt.


Hooks

No hooks registered.

Usage

There are two steps to getting and using a signed SSL Cert.

Request

Requesting a certificate is very easy; however, it can take a few minutes to get a signed public key back from Let's Encrypt. When you request a certificate to be signed, you may get a temporary self-signed cert. To request an SSL certificate to be signed, implement the _sslcerts_ hook.

The following hook requests the certificate used by the simple web server in the next section.

    def _sslcerts_(self, **kwargs):
        """
        Requesting a signed SSL cert.
        """
        cert = {}
        # Always start the sslname with "module_". The same name is passed to
        # self._SSLCerts.get() later to fetch the certificate.
        cert['sslname'] = "module_my_module"
        cert['cn'] = 'myservice'  # the subdomain under the Dynamic DNS domain name.

        # This is a callable. This function will be called whenever a new or updated signed SSL cert is available.
        cert['callback'] = self.new_ssl_cert
        return cert

Using a cert

The following example code requests the certificate from the SSLCerts library. Note: If the certificate is not signed yet, you will receive a self-signed one. In that case the dictionary key 'self_signed' is True.

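    from twisted.internet import reactor, ssl  # at module level

    # Fetch the cert by the sslname used in the _sslcerts_ hook.
    # cert['self_signed'] is True while the signed cert is still pending.
    cert = self._SSLCerts.get('module_my_module')
    contextFactory = ssl.CertificateOptions(privateKey=cert['key_crypt'],
                                            certificate=cert['cert_crypt'],
                                            extraCertChain=cert['chain_crypt'])
    try:
        # Start the TLS listener on the module's secure port.
        self.web_interface_ssl_listener = reactor.listenSSL(self.wi_port_secure(), self.web_factory,
                                                            contextFactory)
    except Exception as e:
        logger.warn("Problem with starting SSL listener: {e}", e=e)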
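The hook above registers self.new_ssl_cert as the callback, but the page does not show it. The following is an added example, not code from Yombo: one way to write that handler so the listener moves from the temporary self-signed certificate to the signed one and never falls back again. CertRotator, start_listener and FakeListener are hypothetical names, the certificate dictionaries are constructed samples, and it assumes the callback receives the same dictionary that get() returns.

```python
class CertRotator:
    """Serve the cert SSLCerts hands out and replace the temporary
    self-signed one when the signed one arrives (hypothetical helper)."""

    def __init__(self, start_listener, warn=print):
        # start_listener(cert) opens the TLS listener and returns an object
        # with stopListening(), e.g. the result of reactor.listenSSL().
        self.start_listener = start_listener
        self.warn = warn
        self.cert = None
        self.listener = None

    def install(self, cert):
        """Call once at startup and again from the _sslcerts_ callback
        (assumed to pass the same dict as get()). Returns the action taken."""
        if self.cert and not self.cert['self_signed'] and cert['self_signed']:
            # Policy choice: never fall back from a signed cert to a self-signed one.
            self.warn("ignoring self-signed cert; signed cert already in use")
            return 'kept'
        if cert['self_signed']:
            self.warn("serving temporary self-signed cert; clients cannot verify it")
        old, self.cert, self.listener = self.listener, cert, None
        stopped = old.stopListening() if old else None
        if hasattr(stopped, 'addCallback'):
            # Twisted may return a Deferred: rebind only after the old port closed.
            stopped.addCallback(lambda _: self._start(cert))
        else:
            self._start(cert)
        return 'self_signed' if cert['self_signed'] else 'signed'

    def _start(self, cert):
        self.listener = self.start_listener(cert)


class FakeListener:  # constructed stand-in for a Twisted listening port
    def __init__(self, cert):
        self.cert, self.open = cert, True

    def stopListening(self):
        self.open = False


def demo():
    log = []
    rot = CertRotator(FakeListener, warn=log.append)
    temp = {'self_signed': True, 'cert_crypt': 'TEMP'}       # constructed sample
    signed = {'self_signed': False, 'cert_crypt': 'SIGNED'}  # constructed sample
    actions = [rot.install(temp), rot.install(signed), rot.install(temp)]
    return actions, rot.listener.cert['cert_crypt'], len(log)
```

In a module, start_listener would build ssl.CertificateOptions from the dictionary and call reactor.listenSSL as in the example above, and new_ssl_cert would simply call install().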


This page was last edited on 9 December 2017.