Hosting HTTPS With Flask
00:00 In the previous lesson, I showed you how to finish the code to become a Certificate Authority. In this lesson, I’m going to show you how to use the certificate generated through the CA to host an HTTPS site using Flask. To host a web server that uses HTTPS you need: a signed certificate, configuration for Flask to use the certificate, and configuration for your web browser to include your custom Certificate Authority in its list of Trusted Third Parties.
This is a new copy of the original Flask server, not the one using the Fernet keys. The only difference between this and the original is line 13. The Flask development server is being started with the
This tells Flask to serve HTTPS. The
ssl_context requires two arguments: the server public key and the server private key. The server public key is the signed certificate issued by the CA to Alice.
And because the private key is being used, Flask asks for a PEM pass phrase. This is the password that was used to encrypt the server private key. Typing it in allows the server to start. It’s running on port
5684 just like before, in order to be consistent. In a third window, I’m going to hit that with
If you think back to the previous lesson, the CSR included two valid hostnames for the certificate:
'127.0.0.1' isn’t one of those valid hostnames, so the certificate doesn’t recognize it.
Even though your computer thinks
127.0.0.1 are the same thing, the certificate doesn’t. Most Certificate Authorities refuse to sign certificates for IP addresses, so you usually have to have a hostname. Third time’s the charm, this time with
localhost. Still need the CA’s public key.
03:22 It stops someone from sniffing the contents of the channel, but it doesn’t stop anyone from actually hitting the port. Anyone who’s willing to ignore a browser’s warning about an invalid certificate can still see the contents hosted on HTTPS.
03:47 Congratulations! You’re now a CA capable of signing your own CSRs and hosting an HTTPS server with a self-signed certificate. In the last lesson, I’ll wrap up and show you some shortcuts that you could use to skip past all this code.
Become a Member to join the conversation.