CentOS7
Confirm OpenSSL is installed
```
sudo yum update
sudo yum install openssl
openssl version
```

```
mkdir -p /tmp/ca && cd /tmp/ca
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 3650 -out server.crt
```
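req is an OpenSSL subcommand for handling certificate signing requests.
-newkey rsa:2048 creates a new RSA key with a length of 2048 bits. This key is used for the subsequent certificate request and signing operations.
-nodes leaves the private key unencrypted: the key file is written without a passphrase, so nothing protects it if the file leaks. This is useful for testing and development but is not recommended in production.
-keyout example.key specifies the path and name of the generated private key file (server.key in the command above).
-x509 generates a self-signed X.509 certificate instead of a certificate request.
-days 365 sets the certificate validity to one year and can be changed as needed (the command above uses -days 3650).
-out example.crt specifies the path and name of the generated certificate file (server.crt in the command above).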
```
pip install flask
pip install flask-cors
```

```
from flask import Flask, request, jsonify
from flask_cors import CORS
import hashlib
import time
import os

app = Flask(__name__)
CORS(app)


@app.route('/index', methods=['GET'])
def index():
    return jsonify({'message': 'successfully', 'code': '100'}), 200


if __name__ == '__main__':
    # ssl_context is (certificate, private key) as generated above.
    # debug=True enables the Werkzeug debugger; keep it to local testing only.
    app.run('0.0.0.0', debug=True, port=18383, ssl_context=('/tmp/ca/server.crt', '/tmp/ca/server.key'))
```
Windows
Install OpenSSL
https://slproweb.com/download/Win64OpenSSL_Light-3_3_1.msi
Configure openssl.cnf
```
[req]
default_bits = 2048
default_md = sha256
distinguished_name = req_distinguished_name

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = SomeState
localityName = Locality Name (eg, city)
localityName_default = SomeCity
0.organizationName = Organization Name (eg, company)
0.organizationName_default = SomeOrganization
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = SomeOrgUnit
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = SomeCommonName
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = someone@example.com
```
Modify the contents to suit your own values.
Run the command
```
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 3650 -out server.crt -config openssl.cnf
```
```
unable to find 'distinguished_name' in config
problems making Certificate Request
27732:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto\conf\conf_lib.c:270:
```
The error above occurs when openssl.cnf has not been configured, so openssl req finds no distinguished_name setting in it.
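A pre-flight check for the failure shown above, as an added example that is not part of the original page: it parses the config text and reports a missing [req] section, a distinguished_name that points to a section that does not exist, and weak key or digest defaults. The function names parse_cnf and check_req_config and the weak-digest and minimum-bits thresholds are assumptions of this example, and the sample configs are constructed.

```python
import re

WEAK_DIGESTS, MIN_RSA_BITS = {"md5", "sha1"}, 2048   # example thresholds (assumptions)

def parse_cnf(text):
    """Parse OpenSSL-style config text into {section: {key: value}}."""
    sections, current = {"": {}}, ""          # "" holds keys before any section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:                            # "[ req ]" and "[req]" are the same
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def check_req_config(text):
    """Return a list of problems in a config meant for `openssl req -config`."""
    cfg = parse_cnf(text)
    req = cfg.get("req")
    if req is None:
        return ["no [req] section, so 'distinguished_name' cannot be found"]
    problems = []
    dn = req.get("distinguished_name")
    if dn is None:
        problems.append("[req] has no distinguished_name key")
    elif dn not in cfg:
        problems.append(f"distinguished_name names a missing section: {dn!r}")
    bits = req.get("default_bits", "")
    if bits.isdigit() and int(bits) < MIN_RSA_BITS:
        problems.append(f"default_bits = {bits} is below {MIN_RSA_BITS}")
    if req.get("default_md", "").lower() in WEAK_DIGESTS:
        problems.append(f"default_md = {req['default_md']} is a weak digest")
    return problems

# Constructed samples: a short form of the page's config, then the same text
# with the section header fused onto the previous line by a bad copy/paste.
GOOD = """[req]
default_bits = 2048
default_md = sha256
distinguished_name = req_distinguished_name
[req_distinguished_name]
commonName = Common Name (e.g. server FQDN or YOUR name)
"""
FUSED = GOOD.replace("name\n[req_", "name[req_")

if __name__ == "__main__":
    print(check_req_config(GOOD), check_req_config(FUSED), check_req_config(""))
```

The fused sample shows why each section header must sit on its own line: the header text becomes part of the distinguished_name value, and the section it should have opened never exists.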
Shell script
```
#!/bin/bash

PROJECT_NAME="https Project"

# Generate the openssl configuration files.
cat > ca_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
O = $PROJECT_NAME Certificate Authority
EOF

cat > server_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
O = $PROJECT_NAME
CN =
EOF

cat > client_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
O = $PROJECT_NAME Device Certificate
CN =
EOF

mkdir ca
mkdir server
mkdir client
```