I have a problem using an SSL certificate in a dockerized Django application. I used the commands given by Graham to create SSL certificates in
https://gist.github.com/GrahamDumpleton/b79d336569054882679e. I copied these certificates and pasted those files in a folder called "ssl_certs". If I run the docker now using the below commands I get a "Post-Handshake Authentication" error when I call https://localhost:8443/.
1. How to resolve this error?
2. Is there any way to create an SSL certificate using Dockerfile commands in Dockerfile and make Django use these certificates after I build and run the docker container?
Docker build and run commands:
1. Build command: docker build -t ssl-api .
2. Run command: docker run -it -p 8443:8443 ssl-api
Dockerfile:
FROM python:3
RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen
ENV LANG=en_US.UTF-8 LC_ALL=en_US.UTF-
COPY ./requirements.txt /requirements.txt
RUN pip install --no-cache-dir -r /requirements.txt
WORKDIR /opt/app-root
COPY . /opt/app-root
EXPOSE 8443
CMD ["mod_wsgi-express", "start-server","--threads","20","--processes","5","--user","www-data", "--group", "www-data","--log-to-terminal","/opt/app-root/mysite/wsgi.py","--startup-log" , "--https-port" ,"8443" ,"--https-only" ,"--server-name" ,"Kaushik", "--allow-localhost" ,"--ssl-certificate-file" ,"/opt/app-root/ssl_certs/server.crt", "--ssl-certificate-key-file", "/opt/app-root/ssl_certs/server.key" ,"--ssl-ca-certificate-file" ,"/opt/app-root/ssl_certs/ca.crt"]
LOGS:
Server Root : /tmp/mod_wsgi-localhost:8000:0
Server Conf : /tmp/mod_wsgi-localhost:8000:0/httpd.conf
Error Log File : /dev/stderr (warn)
Startup Log File : /dev/stderr
Request Capacity : 100 (5 processes * 20 threads)
Request Timeout : 60 (seconds)
Startup Timeout : 15 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 170 (event/worker), 160 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-)
[Wed Mar 31 17:32:28.659790 2021] [ssl:warn] [pid 1:tid 139700681196672] AH01909: localhost:8443:0 server certificate does NOT include an ID which matches the server name
[Wed Mar 31 17:32:28.663192 2021] [ssl:warn] [pid 1:tid 139700681196672] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Mar 31 17:32:28.664060 2021] [ssl:warn] [pid 1:tid 139700681196672] AH01909: localhost:8443:0 server certificate does NOT include an ID which matches the server name
[Wed Mar 31 17:32:28.665207 2021] [mpm_event:notice] [pid 1:tid 139700681196672] AH00489: Apache/2.4.38 (Debian) mod_wsgi/4.7.1 Python/3.9 OpenSSL/1.1.1d configured -- resuming normal operations
[Wed Mar 31 17:32:28.665241 2021] [core:notice] [pid 1:tid 139700681196672] AH00094: Command line: 'apache2 (mod_wsgi-express) -f /tmp/mod_wsgi-localhost:8000:0/httpd.conf -E /dev/stderr -D MOD_WSGI_VIRTUAL_HOST -D MOD_WSGI_WITH_HTTPS -D MOD_WSGI_VERIFY_CLIENT -D MOD_WSGI_HTTPS_ONLY -D MOD_WSGI_ALLOW_LOCALHOST -D MOD_WSGI_MULTIPROCESS -D MOD_WSGI_MPM_ENABLE_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_WORKER_MODULE -D MOD_WSGI_MPM_EXISTS_PREFORK_MODULE -D FOREGROUND'
[Wed Mar 31 17:32:33.221933 2021] [ssl:error] [pid 15:tid 139700669671168] [client 172.17.0.1:39750] AH10129: verify client post handshake
[Wed Mar 31 17:32:33.221977 2021] [ssl:error] [pid 15:tid 139700669671168] [client 172.17.0.1:39750] AH10158: cannot perform post-handshake authentication
[Wed Mar 31 17:32:33.222028 2021] [ssl:error] [pid 15:tid 139700669671168] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
/
[Wed Mar 31 17:32:33.383606 2021] [ssl:error] [pid 15:tid 139700669138688] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
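
A triage of the error log above, as an added example that is not part of the original post: it parses Apache error-log lines and reports the certificate-name warning (AH01909) and the post-handshake client-authentication failure (AH10158 together with -D MOD_WSGI_VERIFY_CLIENT). The function name triage, the finding labels and the abridged sample input are assumptions made for this example.

```python
import re

# Apache 2.4 error-log line: [time] [module:level] [pid ...] [client ip:port]? message
LINE = re.compile(
    r"\[(?P<time>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] \[pid [^\]]+\]"
    r"(?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)"
)
AH_CODE = re.compile(r"\b(AH\d{5}):")
DEFINE = re.compile(r"-D (MOD_WSGI_\w+)")

# Constructed sample: lines taken from the log in the post, unwrapped; the
# AH00094 command line is abridged to three of its MOD_WSGI_ defines.
SAMPLE = """\
[Wed Mar 31 17:32:28.659790 2021] [ssl:warn] [pid 1:tid 139700681196672] AH01909: localhost:8443:0 server certificate does NOT include an ID which matches the server name
[Wed Mar 31 17:32:28.665241 2021] [core:notice] [pid 1:tid 139700681196672] AH00094: Command line: 'apache2 (mod_wsgi-express) -D MOD_WSGI_WITH_HTTPS -D MOD_WSGI_VERIFY_CLIENT -D MOD_WSGI_HTTPS_ONLY -D FOREGROUND'
[Wed Mar 31 17:32:33.221933 2021] [ssl:error] [pid 15:tid 139700669671168] [client 172.17.0.1:39750] AH10129: verify client post handshake
[Wed Mar 31 17:32:33.221977 2021] [ssl:error] [pid 15:tid 139700669671168] [client 172.17.0.1:39750] AH10158: cannot perform post-handshake authentication
[Wed Mar 31 17:32:33.222028 2021] [ssl:error] [pid 15:tid 139700669671168] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
"""


def triage(log_text):
    """Return AH code counts, mod_wsgi-express defines and findings for a log."""
    codes, defines, pha_clients, no_pha_ext = {}, set(), set(), False
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines such as "Server Root : ..." are skipped
        msg = m["msg"]
        defines.update(DEFINE.findall(msg))
        no_pha_ext |= "SSL_verify_client_post_handshake:extension not received" in msg
        code = AH_CODE.search(msg)
        if code:
            codes[code.group(1)] = codes.get(code.group(1), 0) + 1
            if code.group(1) == "AH10158" and m["client"]:
                pha_clients.add(m["client"].rsplit(":", 1)[0])
    findings = []
    if "MOD_WSGI_VERIFY_CLIENT" in defines and "AH10158" in codes:
        # Client-certificate verification is on, and mod_ssl tried to request
        # the certificate after the TLS 1.3 handshake.
        findings.append("client_cert_requested_post_handshake")
    if no_pha_ext:
        # OpenSSL: the client never offered the post_handshake_auth extension.
        findings.append("client_lacks_post_handshake_auth")
    if "AH01909" in codes:
        # The certificate carries no name equal to the configured server name.
        findings.append("server_cert_name_mismatch")
    return {"codes": codes, "defines": defines,
            "pha_clients": pha_clients, "findings": findings}
```

Calling triage(SAMPLE) returns the AH code counts, the MOD_WSGI_ defines seen on the command line, the client addresses that hit AH10158 and the list of findings.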