Ostap Khl - 12 days ago 4
Python Question

Flask ssl. Always writes connection is unsecure

I'm trying to make a Flask app that will use OpenSSL. So far I've done this:

# flask.ext.* imports were removed in Flask 1.0; import the extension packages directly
from flask_script import Manager, Server
from flask_migrate import Migrate, MigrateCommand
from OpenSSL import SSL
import os

from project import app, db

app.config.from_object(os.environ['APP_SETTINGS'])
migrate = Migrate(app, db)
manager = Manager(app)

manager.add_command('db', MigrateCommand)
# Serve over TLS using the certificate/key pair in the working directory
manager.add_command("runserver", Server(ssl_context=('./server.crt', './server.key')))

if __name__ == '__main__':
    manager.run()


When I run the server I see that Firefox wants to add an exception for an unsecure connection, or Chrome says that the connection isn't secure and asks if I want to continue with the unsecure connection.
Must it be that way? Do I have to change something?

Answer

I'm assuming you created server.crt and server.key yourself. In that case, the Firefox warning is correct. What you've done is created a "self-signed" certificate, and almost all browsers will warn when they encounter one of these certificates, as they aren't created by a trusted certificate authority (instead it was created randomly by yourself).

If you want to use SSL without warning, you will need to get it from a verified company which your browser trusts. Let's Encrypt offers free certificates (and is trusted by all major browsers), and a few other free options are popping up as well.

When Firefox sees a certificate signed by a trusted CA (Certificate Authority), it assumes they have done their due diligence in verifying you do in fact own the domain name your certificate claims, and proceeds to use SSL with your site without any complaints.
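
Added example (not part of the original question or answer): the same trust decision a browser makes, reproduced with Python's ssl module. A client that trusts only the system CA bundle rejects a freshly generated self-signed certificate, while a client told to trust that exact certificate accepts it. The function names are hypothetical, the certificate is constructed on the fly, and the script assumes the openssl CLI (1.1.1 or newer) is on PATH.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(directory):
    """Constructed sample: self-signed cert/key for 'localhost' (assumes openssl >= 1.1.1 on PATH)."""
    crt, key = os.path.join(directory, "server.crt"), os.path.join(directory, "server.key")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def handshake_result(crt, key, client_ctx):
    """Serve one TLS connection on loopback and report whether the client accepted the cert."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(crt, key)
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        try:
            server_ctx.wrap_socket(conn, server_side=True).close()
        except (ssl.SSLError, OSError):
            conn.close()  # client aborted after rejecting the certificate

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    try:
        with socket.create_connection(("127.0.0.1", port)) as raw:
            with client_ctx.wrap_socket(raw, server_hostname="localhost"):
                return "trusted"
    except ssl.SSLCertVerificationError as exc:
        return "rejected (%d: %s)" % (exc.verify_code, exc.verify_message)
    finally:
        worker.join(5)
        listener.close()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        crt, key = make_self_signed(tmp)
        browser_like = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        browser_like.load_default_certs()          # trusts only the system CA bundle
        exception_added = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        exception_added.load_verify_locations(cafile=crt)  # trusts this one cert explicitly
        return (handshake_result(crt, key, browser_like),
                handshake_result(crt, key, exception_added))

if __name__ == "__main__":
    print(demo())
```

The second client corresponds to adding a browser exception for one certificate: the traffic is encrypted either way, and what changes is whether the client has a reason to believe the certificate belongs to the server it meant to reach.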
