1

I am trying to use SSL on Flask, using this line of code:

app.run(host='0.0.0.0', port=1025, debug=True, ssl_context=('example/crt.crt', 'example/key.key'))

But when I have generated a certificate on GoDaddy, it gives me two files, both .crt files. I believe one may be an intermediary certificate or something?

The file names are 4358362a9e56bb.crt and gd_bundle.crt. Which one do I point to for Flask? Or do I somehow need to use both? On the GoDaddy page it says:

You must install all certificates on your server, including the intermediate certificate, as specified in the SSL Installation Instructions that pertain to your server.

I am trying to connect this to Salesforce. The first time I keyed it with SHA2, so I am now trying with SHA1.

Tunaki
Lewis Lebentz

3 Answers

2

You must concatenate both the root CA file and the intermediate file.

Take a look at this, it has an example: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/789/37/certificate-installation-nginx

dpgaspar
  • Ah okay, I didn't realise that was possible! So in my case, I will literally just need to run: cat 4358362a9e56bb.crt gd_bundle.crt > ssl-bundle.crt then point flask to my new .crt? Seems too easy! Thanks! – Lewis Lebentz Oct 22 '14 at 11:27
  • The link is broken unfortunately – user3282276 Jun 28 '16 at 06:14
1

You shouldn't be using flask.run in production. It says right in the docs that it is not prod ready; use something more substantial such as gunicorn for your webserver.

To use multiple certs, @dpgaspar is right: you just concat them together.

Try and keep them formatted nicely; you will thank yourself later.

Cheers!

applewood
  • Thanks for confirming the other answer. I want to use it solely to run one Python script (it's actually running on a Raspberry Pi). Would gunicorn still be a better alternative? I'm new to this, so any suggestions are welcome. Thanks! – Lewis Lebentz Oct 22 '14 at 11:24
  • I need to know more about your project to give you a good answer here. Generally though, in a public facing application the flask webserver is not recommended. – applewood Oct 23 '14 at 04:15
  • It is 'public' as in being on the Internet, but only intended for me to use. Obviously I have changed the SSH login details etc. from the default, and will be enabling SSL so hopefully it should be secure. – Lewis Lebentz Oct 24 '14 at 16:03
  • You should be fine in that use case. – applewood Oct 24 '14 at 17:01
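
Added example, not part of the thread: a Python equivalent of the cat step that re-wraps every certificate, so a file without a trailing newline cannot glue two PEM blocks together, and then loads the result the same way Flask's ssl_context does. Python's ssl module expects the server's own certificate first in the file, followed by the CA certificates; the helper names are illustrative, and the file names are the ones from the question and its comments.

```python
import base64
import re
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def split_pem_certs(text):
    """Return every certificate in `text` as a cleanly re-wrapped PEM block."""
    blocks = []
    for body in PEM_CERT.findall(text):
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append(ssl.DER_cert_to_PEM_cert(der))  # 64-column lines, trailing "\n"
    return blocks

def build_bundle(pem_texts):
    """Join PEM inputs in the order given; the server certificate must come first."""
    blocks = [b for text in pem_texts for b in split_pem_certs(text)]
    if not blocks:
        raise ValueError("no PEM certificates found")
    return "".join(blocks)

def write_bundle(cert_paths, out_path):
    """File version of `cat a.crt b.crt > out`; returns the number of certificates."""
    texts = []
    for path in cert_paths:
        with open(path, encoding="ascii") as fh:
            texts.append(fh.read())
    bundle = build_bundle(texts)
    with open(out_path, "w", encoding="ascii") as fh:
        fh.write(bundle)
    return bundle.count("-----BEGIN CERTIFICATE-----")

def make_context(bundle_path, key_path):
    """TLS context that can be passed to app.run(ssl_context=...)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError if the key does not match the first certificate in the bundle.
    ctx.load_cert_chain(bundle_path, key_path)
    return ctx

if __name__ == "__main__":
    # Input file names are from the question; the output name is from the comment above.
    n = write_bundle(["4358362a9e56bb.crt", "gd_bundle.crt"], "ssl-bundle.crt")
    print(n, "certificates written")
    make_context("ssl-bundle.crt", "example/key.key")
```

If make_context raises ssl.SSLError, the first certificate in the bundle is not the one issued for the private key, which usually means the files were concatenated in the wrong order.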
1

As mentioned, concatenation is required, but the order matters: root, then intermediate certificates. NGINX has some information on their website on how this works on their end, which seems similar to what Flask expects.

Similar SO question: Nginx install intermediate certificate

Community