I have an issue: I want to access an HTTP server with an SSH certificate using the Python requests library, however without any usage of private keys and inside server data (only publicly known, e.g. public RSA key and similar stuff). How can I do that?
Related
The situation is that a desktop application is needed to be run in the background (an application that would be "hanging around" in the system tray) with an API. For simplicity reasons, I chose Flask to build the API and Python overall to build the desktop part of it. Is this a practical or reasonable way to create a desktop application? The application itself will not be large scale, it will only hold several Python scripts.
Basically, a Microsoft PowerApp will be communicating with this API on the desktop. When a call will be executed from the Microsoft PowerApp to the API, it will be targeting a public static IP address to a specific port, then that will be forwarded to the local IP of the Flask application. I understand that PowerApps requires SSL to communicate with applications. I can figure out how to build the API and desktop part of it, but I cannot figure out the SSL certificates. When I try to generate a certificate through CertBot, it requires me to supply a domain. This situation will not be using a domain, only the public static IP. Does this at all seem logical to do or should a different approach be taken?
Though some SSL certificate providers support issuing certs to IP addresses, do yourself a favor and get one assigned to a hostname. Just use the organization's domain to create a hostname you like.
Alternatively, try entering the IP address instead of a domain when ordering a certificate.
You can read more about IP-based certs here: Is it possible to have SSL certificate for IP address, not domain name?
So, the situation is: I want to know what path a program is sending the request to. With Wireshark, I can only know that it is sending an HTTPS request and the corresponding domain, but not the path.
I think there could be a way to at least inspect the outbound https traffic even without hacking the program.
Let's say if I run a fake website and redirect the connection to the real site to my local fake site. So the request will be sent to my fake site, and I can create a self-signed fake key pair for my fake site. Install the private key on the fake site, and install the public key on my local machine. Then the handshake should be approved.
But I have several problems:
How to launch a fake https server in the simplest way? Nginx? Or is there a simple solution in Python?
How can I install the public key on my local machine? I'm using Linux Mint 19 which is based on Ubuntu 18.04.
Any help is appreciated!
You may want to check Charles proxy. This is a proxy with which you can inspect the outbound traffic (including HTTPS).
In order to inspect HTTPS traffic, it will be required to enable SSL Proxy, which means that Charles will dynamically generate a certificate and become a man-in-the-middle for HTTPS connections.
Charles signs these dynamic certificates with its own, which has to be added to the trusted storage of the application you use. Various instructions are available here.
We have a service that requires a client certificate to be presented with the request or the call will be rejected. For our .NET components, we have the certificate installed in the local Windows cert store. At runtime we can get the certificate by thumbprint and include that with our request.
For our python component, I am able to get the certificate from the store, but only the public data. I can't seem to access the private key. To get around this I have a pem file with the certificate data that python uses. We are cleaning all secrets out of our source repository, so I need to remove this file.
Does anyone have a suggestion on how I can access the private key for the certificate without checking it in with my code? Things I am exploring are:
Get the private key with the certificate from the windows cert store
Continue to use the pem file, but encrypt it somehow
Something else?
Thanks,
~john
I've written a small OPC-UA client in Python which acts as a datalogger for PLCs with an integrated OPC-UA server.
The connection with no security works fine, but I want to secure it with a certificate.
I can import trusted certificates to the server and export the server certificate, but how can I generate my own certificate?
Thanks
You can use openssl to generate your own self-signed certificate.
https://www.openssl.org/source/
Be careful with the extensions though; sometimes they demand .der, .cer or .pem and you might get an outform .crt.
How to create them:
https://www.ibm.com/support/knowledgecenter/en/SS8JFY_9.2.0/com.ibm.lmt.doc/Inventory/security/t_ssl_creating_certs.html
https://dzone.com/articles/secure-communication-with-tls-and-the-mosquitto-broker
Types of encryption:
https://blog.storagecraft.com/5-common-encryption-algorithms/
If you show your program maybe I can help you out.
So I have looked around for a while to try to find an answer for this but have had little luck. My issue is I am trying to build a Python script to connect to a web server that is running on HTTPS, however it uses only PEM files to authenticate. A lot of the examples I have found show using PEM files with a username and password.
The website I am referring to is a Verizon SSL certificate manager website. It's how my company (can't name) manages their external SSL certs. My idea is to build a script to connect to the website and then take a list of SSL certs that are expiring and parse through it and email the SSL tech contact and let them know it's expiring.
The part I am getting stuck on is connecting to the website using only the PEM file. I was wondering what would be the best way of doing that?
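Presenting a client certificate from a PEM file using only the standard library, as an added example that is not part of any post above. It also covers the encrypted-PEM option raised in the Windows cert store question: the passphrase comes from an environment variable whose name, `CLIENT_KEY_PASSPHRASE`, is an assumption, as are the function names and the constructed `CERT_ONLY` sample.

```python
import http.client
import os
import re
import ssl

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed placeholder body: only the block label matters to inspect_pem().
CERT_ONLY = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
             "-----END CERTIFICATE-----\n")


def inspect_pem(text):
    """Classify the PEM blocks in text by their BEGIN labels."""
    labels = PEM_LABEL.findall(text)
    return {
        "certificates": labels.count("CERTIFICATE"),
        "has_private_key": any(lab.endswith("PRIVATE KEY") for lab in labels),
        "key_encrypted": "ENCRYPTED PRIVATE KEY" in labels
                         or "Proc-Type: 4,ENCRYPTED" in text,
    }


def client_context(pem_path, password_env="CLIENT_KEY_PASSPHRASE"):
    """Build a TLS context that presents the client certificate in pem_path."""
    with open(pem_path, encoding="ascii") as fh:
        info = inspect_pem(fh.read())
    if not info["certificates"]:
        raise ValueError("no CERTIFICATE block in PEM file")
    if not info["has_private_key"]:
        # The certificate is public data; the handshake also needs a
        # signature made with the matching private key.
        raise ValueError("PEM file holds no private key")
    password = os.environ.get(password_env) if info["key_encrypted"] else None
    if info["key_encrypted"] and password is None:
        raise ValueError(f"key is encrypted; set {password_env}")
    ctx = ssl.create_default_context()  # server certificate is still verified
    ctx.load_cert_chain(pem_path, password=password)
    return ctx


def get(host, path, ctx, port=443):
    """GET https://host:port/path, presenting the client certificate."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()
```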