1.安装pyopenssl
pip install pyopenssl
2.生成自签名 SSL/TLS 证书:新建一个 Python 文件,写入以下内容并运行,会在当前目录生成 cert.pem 文件(其中同时包含证书和未加密的私钥,请妥善保管)
from OpenSSL import crypto
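import os

# Generate a 2048-bit RSA private key.
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, 2048)

# Build a certificate request. In this script it only serves as a holder for
# the subject name and public key that are copied into the certificate below.
req = crypto.X509Req()
subj = req.get_subject()
subj.countryName = "US"
subj.stateOrProvinceName = "CA"
subj.localityName = "San Francisco"
subj.organizationName = "My Company"
subj.commonName = "www.example.com"
req.set_pubkey(key)
req.sign(key, "sha256")

# Build the self-signed certificate: issuer equals subject, and it is signed
# with its own private key.
# NOTE(review): only commonName ("www.example.com") is set and no
# subjectAltName extension is added, so a client that checks the host name
# will not match this certificate against "localhost" even if the certificate
# is explicitly trusted. Treat it as a local-testing certificate only.
cert = crypto.X509()
# Use a random positive serial instead of a fixed 1000: re-running the script
# would otherwise issue several certificates with the same issuer and serial,
# which some clients reject as a duplicate.
cert.set_serial_number(int.from_bytes(os.urandom(16), "big") >> 1)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(365 * 24 * 60 * 60)  # valid for one year
cert.set_issuer(req.get_subject())
cert.set_subject(req.get_subject())
cert.set_pubkey(req.get_pubkey())
cert.sign(key, "sha256")

# cert.pem receives the certificate AND the unencrypted private key, so create
# it readable/writable by the owner only rather than with the default umask.
fd = os.open("cert.pem", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w") as f:
    # The mode given to os.open() is ignored when the file already exists,
    # so tighten the permissions explicitly before the key is written.
    os.chmod("cert.pem", 0o600)
    f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8"))
    f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key).decode("utf-8"))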
3.在tornado上使用
import ssl
from tornado import httpserver, ioloop, web
class MainHandler(web.RequestHandler):
    """Handler mounted on the root path; answers with a fixed greeting."""

    def get(self):
        """Handle GET by writing the greeting to the response body."""
        greeting = "Hello, world"
        self.write(greeting)
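if __name__ == "__main__":
    app = web.Application([
        (r"/", MainHandler),
    ])
    # Enable SSL/TLS. Purpose.CLIENT_AUTH yields a context for the server side
    # of a connection (the side that authenticates itself to clients).
    ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    # Refuse TLS 1.0/1.1 explicitly; depending on the Python/OpenSSL build the
    # default context may still accept them.
    ssl_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # cert.pem holds both the certificate and the private key, so no separate
    # keyfile argument is passed.
    ssl_ctx.load_cert_chain("cert.pem")
    http_server = httpserver.HTTPServer(app, ssl_options=ssl_ctx)
    # NOTE(review): listen() without an address accepts connections on every
    # interface; pass address="127.0.0.1" if the server is for local testing only.
    http_server.listen(8888)
    ioloop.IOLoop.current().start()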
4.启动服务后,就可以用浏览器访问 https://localhost:8888 啦(证书是自签名的,浏览器会提示证书不受信任)