How do I find/set my CN name in an https server with Python?

0

I'm currently using the following code to generate a local https server

to generate the crt

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

server.py

import os
import BaseHTTPServer, SimpleHTTPServer
import ssl
import sys

cdir = os.getcwd()
os.chdir(cdir)

httpd = BaseHTTPServer.HTTPServer(('', 443), SimpleHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)
httpd.serve_forever()

When I connect to it with my embedded device I receive the error

mbedtls_ssl_handshake failed
==> The certificate Common Name (CN) does not match with the expected CN

How can I overcome this problem?

user217354

Posted 2017-09-28T18:31:23.697

Reputation: 33

Well, your cert CN must match the domain in the URL you navigated to in your browser or you will receive name mismatch errors. – Frank Thomas – 2017-09-29T00:39:40.870

So in a local environment should I use http:// local_ip/ or just "local_ip" or "https:// local_ip"? – user217354 – 2017-09-29T06:01:16.613

You won't be able to avoid a CN mismatch if you are navigating to an IP address. It has to be a domain name. – Frank Thomas – 2017-09-29T12:01:45.103

Do you know how to set a local DNS usable with that python server script? – user217354 – 2017-09-29T12:06:17.470

DNS is an external phenomenon from the website's perspective. The site must be listening on a server IP, so just make sure that server IP is known by a DNS server (I use Bind on my LAN) under a given name. Provided that your phone is using the DNS server when you are on your LAN (use DHCP on your wireless to push it), you can point your browser to the site using the DNS name. That name is the one that needs to be registered in your cert. Of course this only works inside your LAN, but the same principles apply for public hosting. – Frank Thomas – 2017-09-29T12:16:52.223

For the potential certificate problems, see How to create a self-signed certificate with openssl? Be sure all the names, like localhost and local_ip, are listed in the SAN. Use a friendly name for the CN, like "My Test Certificate" because modern user agents have deprecated host names in the CN. They don't use the CN any longer.

– jww – 2017-10-03T20:55:22.633

Since you are trying to do this in Python, I think you could ask this on Stack Overflow. But the name that matters is the name in DNS; not the name you give the server in your Python code. – jww – 2017-10-03T20:56:55.760

No answers
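
The comments above recommend a friendly CN with every name the client will use listed in the SAN. The script below is an added example, not part of the original thread: it builds such a self-signed `server.pem` from a config file and checks name coverage with OpenSSL's own matcher. `devbox.lan` and `192.168.1.10` are constructed placeholders, and `make_san_cert` and `cert_covers` are hypothetical helper names.

```sh
#!/bin/sh
# Added example. devbox.lan and 192.168.1.10 are constructed placeholders;
# make_san_cert and cert_covers are hypothetical helper names.

# make_san_cert OUT_PEM DNS_NAME LAN_IP
# Writes key + self-signed cert into one PEM, like server.pem in the question.
make_san_cert() {
    out=$1; dns=$2; ip=$3
    tmp=$(mktemp -d) || return 1
    # Friendly CN; every name a client may use goes in subjectAltName.
    cat > "$tmp/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = My Test Certificate
[v3]
subjectAltName = DNS:localhost, DNS:$dns, IP:127.0.0.1, IP:$ip
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$tmp/san.cnf" -keyout "$tmp/key.pem" -out "$tmp/crt.pem" \
        2>/dev/null && cat "$tmp/key.pem" "$tmp/crt.pem" > "$out"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# cert_covers PEM host|ip NAME
# Succeeds only if OpenSSL's own name check accepts NAME for this certificate.
cert_covers() {
    openssl x509 -in "$1" -noout "-check$2" "$3" | grep -q "does match"
}

# Usage:
#   make_san_cert server.pem devbox.lan 192.168.1.10
#   cert_covers server.pem host devbox.lan && echo "name covered"
```

Run `cert_covers` with the exact name or address the device is configured to expect; a failure there predicts the handshake mismatch before the device is involved.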