Library: sslcerts

From Yombo
Commonly Used: No
Status: Active

Generate signed SSL certs for modules needing to host a TLS (SSL) secure service.


The _sslcerts_ hook from the SSL Certificate library lets modules request SSL certificates that are publicly signed by Let's Encrypt.


No hooks registered.


There are two steps to getting and using a signed SSL Cert.


Requesting a certificate is very easy; however, it can take a few minutes to get a signed public key back from Let's Encrypt. When you request a certificate to be signed, you may get a temporary self-signed cert. To request an SSL certificate to be signed, implement the _sslcerts_ hook.

This example starts a simple web server using the requested certificate.

    def _sslcerts_(self, **kwargs):
        """
        Requesting a signed SSL cert.
        """
        cert = {}
        # Always start the sslname with "module_". This is the same name that is
        # later passed to self._SSLCerts.get().
        cert['sslname'] = "module_my_module"
        cert['cn'] = 'myservice'  # the subdomain under the Dynamic DNS domain name.

        # This is a callable. It will be called whenever a new or updated signed SSL cert is available.
        cert['callback'] = self.new_ssl_cert
        return cert

Using a cert

The following example code requests the certificate from the SSLCerts library. Note: If the certificate is not signed yet, you will receive a self-signed one. The dictionary key 'self_signed' will be True if it is.

    from twisted.internet import reactor, ssl

    # Returns the signed cert, or a self-signed one (cert['self_signed'] is True)
    # if the signed cert is not available yet.
    cert = self._SSLCerts.get('module_my_module')
    contextFactory = ssl.CertificateOptions(privateKey=cert['key_crypt'],
                                            certificate=cert['cert_crypt'],
                                            extraCertChain=cert['chain_crypt'])
    try:
        self.web_interface_ssl_listener = reactor.listenSSL(self.wi_port_secure(), self.web_factory,
                                                            contextFactory)
    except Exception as e:
        logger.warn("Problem with starting SSL listener: {e}", e=e)
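
The two steps above leave open what the `new_ssl_cert` callback should do once the signed certificate arrives. The following is an added example, not Yombo's own code: it starts on the temporary self-signed cert, rebinds the listener when a new cert is delivered, and refuses to fall back from a signed cert to a self-signed one. The `CertSwitcher` class, the callback signature, and the `bind` callable (standing in for the `reactor.listenSSL` call above) are assumptions, and the sample cert values are constructed.

```python
class CertSwitcher:
    """Hypothetical helper (not Yombo code): start on the temporary cert, swap on callback."""

    def __init__(self, sslcerts, sslname, bind):
        self.sslcerts, self.sslname = sslcerts, sslname  # exposes get(sslname), as on this page
        self.bind = bind  # assumed: callable(cert) wrapping reactor.listenSSL
        self.listener = self.current = None  # current: cert dict being served

    def new_ssl_cert(self, *args, **kwargs):
        # Assumed callback signature: ignore arguments and re-read the cert.
        cert, cur = self.sslcerts.get(self.sslname), self.current
        if cur is not None and cert['cert_crypt'] == cur['cert_crypt']:
            return 'unchanged'
        if cur is not None and cert.get('self_signed') and not cur.get('self_signed'):
            return 'rejected-downgrade'  # never fall back from signed to self-signed
        old, self.listener, self.current = self.listener, None, cert
        stopped = old.stopListening() if old is not None else None
        if hasattr(stopped, 'addCallback'):  # Twisted returns a Deferred here
            stopped.addCallback(lambda _: self._bind(cert))  # rebind once the port is free
        else:
            self._bind(cert)
        return 'self-signed' if cert.get('self_signed') else 'signed'

    def _bind(self, cert):
        if cert is self.current:  # skip if a newer cert arrived in the meantime
            self.listener = self.bind(cert)


def demo():
    """Drive the switcher with constructed stand-ins for self._SSLCerts and the listener."""
    class Listener:
        def stopListening(self):
            events.append('stop')
    class Store:
        cert = {'key_crypt': 'k0', 'cert_crypt': 'temp', 'self_signed': True}
        def get(self, name):
            return self.cert
    def bind(cert):
        events.append('bind:' + cert['cert_crypt'])
        return Listener()
    events, store = [], Store()
    sw = CertSwitcher(store, 'module_my_module', bind)
    results = [sw.new_ssl_cert()]  # first call binds the temporary self-signed cert
    store.cert = {'key_crypt': 'k1', 'cert_crypt': 'signed', 'self_signed': False}
    results += [sw.new_ssl_cert(), sw.new_ssl_cert()]  # swap, then a repeat delivery
    store.cert = dict(Store.cert, cert_crypt='temp2')  # a later self-signed cert
    results.append(sw.new_ssl_cert())
    return results, events
```

In a module, `self.new_ssl_cert` from the `_sslcerts_` hook would point at the switcher's `new_ssl_cert`, and `bind` would build the `ssl.CertificateOptions` and call `reactor.listenSSL` as shown earlier.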

This page was last edited on 9 December 2017.