Dynamic SSL certificate change question

37 views
Skip to first unread message

Ram

unread,
Oct 3, 2021, 12:58:17 PM10/3/21
to Tornado Web Server
Is there a way to dynamically change the SSL certificates in a running tornado application? (After the IOLoop..start() has taken place?) - I would like to do this perhaps using a rest api trigger for example, or a simple callback.

Thanks,
--D

Ben Darnell

unread,
Oct 4, 2021, 8:52:34 AM10/4/21
to Tornado Mailing List
I haven't tried this myself but I believe the way to do it is to keep a reference to the SSLContext you pass to the HTTPServer and then call its load_cert_chain method again whenever you want to update it. 

def main():
    global ssl_ctx
    ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ssl_ctx.load_cert_chain(...)
    app = Application(...)
    app.listen(port, ssl_options=ssl_ctx)
    IOLoop.current().start()

def reload_certs():
    ssl_ctx.load_cert_chain(...)

-Ben

--
You received this message because you are subscribed to the Google Groups "Tornado Web Server" group.
To unsubscribe from this group and stop receiving emails from it, send an email to python-tornad...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/python-tornado/50e68bcf-ea21-4d76-bd44-d65209cea20cn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages