Installing intermediate SSL certificate

[Stephen Sackett]

I have purchased an SSL certificate that also requires an intermediate certificate be installed in Tornado.  The vendor has no instructions concerning how to accomplish this with Tornado.  Does anyone know how to install an intermediate SSL certificate on Tornado?

Thanks,

Steve

[Aliane Abdenour Abdelouahab]

Hi,

you should not expose your Tornado to public, you can put it behind a reverse proxy like Nginx, here is how to install an intermediate certificate on Nginx :

https://stackoverflow.com/questions/25750890/nginx-install-intermediate-certificate

--
You received this message because you are subscribed to the Google Groups "Tornado Web Server" group.
To unsubscribe from this group and stop receiving emails from it, send an email to python-tornado+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ben Darnell]

Concatenate your certificate file with the intermediate certificates (many CAs will give you this file directly; sometimes you have to assemble it yourself). The combined file will look like this with multiple BEGIN/END CERTIFICATE lines:

-----BEGIN CERTIFICATE-----

... (certificate for your server)...

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

... (the certificate for the CA)...

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

... (the root certificate for the CA's issuer)...

-----END CERTIFICATE-----

https://docs.python.org/3/library/ssl.html#certificate-chains

Then you can pass this file as `certfile` to `SSLContext.load_cert_chain` when setting up your ssl configuration. 

-Ben

--

You received this message because you are subscribed to the Google Groups "Tornado Web Server" group.

To unsubscribe from this group and stop receiving emails from it, send an email to python-tornad...@googlegroups.com.