It took me more time than it should have to piece together the right bits of current information for using SSL with cherrypy. Here’s a fully working example of cherrypy 3.2.0 serving up HTTPS requests.
Quick notes – if you haven’t tried cherrypy, do it. It’s awesome in its simplicity. Also, I got my SSL cert from godaddy, which was the cheapest I found. This particular cert uses a certificate chain, so when all is said and done we have my_cert.crt, my_cert.key, and gd_bundle.crt.
ssl_server.py:
import cherrypy


class RootServer:
    @cherrypy.expose
    def index(self, **keywords):
        return "it works!"


if __name__ == '__main__':
    server_config = {
        # Listen on all interfaces on the standard HTTPS port
        'server.socket_host': '0.0.0.0',
        'server.socket_port': 443,
        # Use pyOpenSSL for the SSL layer
        'server.ssl_module': 'pyopenssl',
        # Server certificate, its private key, and the CA chain bundle
        'server.ssl_certificate': '/home/ubuntu/my_cert.crt',
        'server.ssl_private_key': '/home/ubuntu/my_cert.key',
        'server.ssl_certificate_chain': '/home/ubuntu/gd_bundle.crt'
    }
    cherrypy.config.update(server_config)
    cherrypy.quickstart(RootServer())
Launch the server like:
sudo python ssl_server.py
You need to use sudo because the server binds to port 443. You should be prompted with “Enter PEM pass phrase”; enter the pass phrase that you set when generating your key.
Update: In a follow-up post I show how to run an HTTPS server (port 443) and an HTTP server (port 80) at the same time.
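An added check, not part of the original post: a log quoted in the comments below shows a server announcing `Serving on http://0.0.0.0:443`, that is, plain HTTP on the HTTPS port. This Python 3 standard-library example flags that log line and confirms on the wire whether a listener completes a verified TLS handshake, which typically also fails when the chain bundle is not being served; the names `plaintext_listeners`, `handshake` and `check_endpoint` are illustrative and independent of CherryPy.

```python
import re
import socket
import ssl

# CherryPy logs the scheme it bound with, e.g. (line quoted in the comments):
#   [04/Sep/2014:16:14:31] ENGINE Serving on http://0.0.0.0:443
SERVING = re.compile(r"ENGINE Serving on (https?)://(\S+?):(\d+)\s*$")


def plaintext_listeners(log_lines, tls_ports=(443,)):
    """Return (host, port) pairs logged as plain HTTP on a port expected to be TLS."""
    hits = []
    for line in log_lines:
        m = SERVING.search(line)
        if m and m.group(1) == "http" and int(m.group(3)) in tls_ports:
            hits.append((m.group(2), int(m.group(3))))
    return hits


def handshake(sock, hostname, context=None, timeout=5.0):
    """Try a verified TLS handshake on an already connected socket.

    Returns (True, protocol_version) or (False, reason)."""
    # Default context: verifies the chain against system CAs and checks the hostname.
    context = context or ssl.create_default_context()
    sock.settimeout(timeout)
    try:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # TLS is up, but the certificate or its chain did not validate.
        return False, "certificate rejected: %s" % exc.verify_message
    except ssl.SSLError as exc:
        # Typical when the peer answers the ClientHello with plain HTTP.
        return False, "peer is not speaking TLS: %s" % (exc.reason or exc)
    except OSError as exc:
        # Timeout or reset before the handshake finished.
        return False, "handshake did not complete: %s" % exc


def check_endpoint(host, port=443, timeout=5.0):
    """Connect to host:port and report whether a verified TLS session comes up."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return False, "connect failed: %s" % exc
    return handshake(sock, host, timeout=timeout)
```

Call `check_endpoint` with the hostname the certificate was issued for, since hostname verification is part of the check.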
10 responses to “Using SSL HTTPS with cherrypy 3.2.0 Example”
Hello,
nice example. Can you show me how the chain file “gd_bundle.crt” has to look like? Everything is working well on my testserver, only the chain part not.
Thx
Marten
It’s just a text file of concatenated certificates.
Thanks!
Is there a way to pass the “PEM pass phrase” already in the Python code?
Found something. Under Linux/Unix, one can use the command line tool ‘expect’ to wrap around in order to pass automatically the PEM pass phrase to cherrypy.
Thanks!
By the way, if someone wants to generate the certificate, here is the command line:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes
Hi, I’ve tried your solution. The server starts, but the engine doesn’t use HTTPS protocol:
[04/Sep/2014:16:14:29] ENGINE Started monitor thread ‘_TimeoutMonitor’.
[04/Sep/2014:16:14:29] ENGINE Started monitor thread ‘Autoreloader’.
[04/Sep/2014:16:14:31] ENGINE Serving on http://0.0.0.0:443
[04/Sep/2014:16:14:31] ENGINE Bus STARTED
My CherryPy version is 3.5.0 on MacOSX 10.6.8
Thank you!
Hi, I’ve the same problem. Try changing
'server.ssl_module':'pyopenssl', to 'server.ssl_module':'builtin', and try executing using Python3. Works for me.
Nope, cherrypy SSL handling is broken past 3.2.4: https://bitbucket.org/cherrypy/cherrypy/issue/1298/ssl-not-working
downgrade: sudo pip uninstall cherrypy; sudo pip install cherrypy==3.2.4