|
| https://realpython.com/ |
| Start Here | https://realpython.com/start-here/ |
|
Learn Python
| https://realpython.com/lessons/hosting-https-flask/ |
| Python Tutorials →In-depth articles and video courses | https://realpython.com/search?kind=article&kind=course&order=newest |
| Learning Paths →Guided study plans for accelerated learning | https://realpython.com/learning-paths/ |
| Quizzes & Exercises →Check your learning progress | https://realpython.com/quizzes/ |
| Browse Topics →Focus on a specific area or skill level | https://realpython.com/tutorials/all/ |
| Community Chat →Learn with other Pythonistas | https://realpython.com/community/ |
| Office Hours →Live Q&A calls with Python experts | https://realpython.com/office-hours/ |
| Podcast →Hear what’s new in the world of Python | https://realpython.com/podcasts/rpp/ |
| Books →Round out your knowledge and learn offline | https://realpython.com/products/books/ |
| Reference →Concise definitions for common Python terms | https://realpython.com/ref/ |
| Code Mentor →BetaPersonalized code assistance & learning tools | https://realpython.com/mentor/ |
| Unlock All Content → | https://realpython.com/account/join/ |
|
More
| https://realpython.com/lessons/hosting-https-flask/ |
| Learner Stories | https://realpython.com/learner-stories/ |
| Python Newsletter | https://realpython.com/newsletter/ |
| Python Job Board | https://www.pythonjobshq.com |
| Meet the Team | https://realpython.com/team/ |
| Become a Tutorial Writer | https://realpython.com/write-for-us/ |
| Become a Video Instructor | https://realpython.com/become-an-instructor/ |
| Search | https://realpython.com/search |
| https://realpython.com/search |
| Join | https://realpython.com/account/join/ |
| Sign‑In | https://realpython.com/account/login/?next=%2Flessons%2Fhosting-https-flask%2F |
| Unlock This Lesson | https://realpython.com/account/join/?utm_source=rp_lesson&utm_content=exploring-https-cryptography |
| Unlock This Lesson | https://realpython.com/account/join/?utm_source=rp_lesson&utm_content=exploring-https-cryptography |
| https://realpython.com/courses/exploring-https-cryptography/#team |
| Exploring HTTPS and Cryptography in Python | https://realpython.com/courses/exploring-https-cryptography/ |
| Christopher Trudeau | https://realpython.com/courses/exploring-https-cryptography/#team |
| Recommended Tutorial | https://realpython.com/python-https/ |
| Course Slides (.pdf) | https://realpython.com/courses/exploring-https-cryptography/downloads/https-cryptography-slides/ |
| Sample Code (.zip) | https://realpython.com/courses/exploring-https-cryptography/downloads/https-cryptography-code/ |
| Ask a Question | https://realpython.com/lessons/hosting-https-flask/#discussion |
| https://realpython.com/feedback/survey/course/exploring-https-cryptography/liked/?from=lesson-title |
| https://realpython.com/feedback/survey/course/exploring-https-cryptography/disliked/?from=lesson-title |
| Transcript | https://realpython.com/lessons/hosting-https-flask/#transcript |
| Discussion (6) | https://realpython.com/lessons/hosting-https-flask/#discussion |
| 00:00 | https://realpython.com/lessons/hosting-https-flask/#t=0.0 |
| In the previous lesson, | https://realpython.com/lessons/hosting-https-flask/#t=0.0 |
| I showed you how to finish the code to become a Certificate Authority. | https://realpython.com/lessons/hosting-https-flask/#t=1.38 |
| In this lesson, I’m going to show you how to use the certificate | https://realpython.com/lessons/hosting-https-flask/#t=4.8 |
| generated through the CA to host an HTTPS site | https://realpython.com/lessons/hosting-https-flask/#t=7.62 |
| using Flask. To host a web server that uses HTTPS | https://realpython.com/lessons/hosting-https-flask/#t=11.94 |
| you need: a signed certificate, configuration for Flask to use the certificate, and | https://realpython.com/lessons/hosting-https-flask/#t=16.62 |
| configuration for your web browser to include your custom Certificate Authority | https://realpython.com/lessons/hosting-https-flask/#t=22.86 |
| in its list of Trusted Third Parties. | https://realpython.com/lessons/hosting-https-flask/#t=26.67 |
| 00:30 | https://realpython.com/lessons/hosting-https-flask/#t=30.54 |
| This is a new copy of the original Flask server, | https://realpython.com/lessons/hosting-https-flask/#t=30.54 |
| not the one using the Fernet keys. | https://realpython.com/lessons/hosting-https-flask/#t=33.39 |
| The only difference between this and the original is line 13. | https://realpython.com/lessons/hosting-https-flask/#t=35.94 |
| The Flask development server is being started with the ssl_context parameter. | https://realpython.com/lessons/hosting-https-flask/#t=40.35 |
| 00:45 | https://realpython.com/lessons/hosting-https-flask/#t=45.33 |
| This tells Flask to serve HTTPS. | https://realpython.com/lessons/hosting-https-flask/#t=45.33 |
| The ssl_context requires two arguments: | https://realpython.com/lessons/hosting-https-flask/#t=48.84 |
| the server public key and the server private key. | https://realpython.com/lessons/hosting-https-flask/#t=51.54 |
| The server public key is the signed certificate issued by the CA to Alice. | https://realpython.com/lessons/hosting-https-flask/#t=54.96 |
| 01:01 | https://realpython.com/lessons/hosting-https-flask/#t=61.2 |
| The server private key is Alice’s private key that she used to create the CSR | https://realpython.com/lessons/hosting-https-flask/#t=61.2 |
| for the CA. Remember that when a private key is created, | https://realpython.com/lessons/hosting-https-flask/#t=66.57 |
| it’s encrypted with a password. | https://realpython.com/lessons/hosting-https-flask/#t=70.92 |
| 01:12 | https://realpython.com/lessons/hosting-https-flask/#t=72.75 |
| That’s going to be important in a second. In the lower window, | https://realpython.com/lessons/hosting-https-flask/#t=72.75 |
| I’m going to start up the server. | https://realpython.com/lessons/hosting-https-flask/#t=75.96 |
| 01:19 | https://realpython.com/lessons/hosting-https-flask/#t=79.14 |
| And because the private key is being used, Flask asks for a PEM pass phrase. | https://realpython.com/lessons/hosting-https-flask/#t=79.14 |
| This is the password that was used to encrypt the server private key. | https://realpython.com/lessons/hosting-https-flask/#t=84.54 |
| Typing it in allows the server to start. It’s running on port 5684 | https://realpython.com/lessons/hosting-https-flask/#t=89.52 |
| just like before, in order to be consistent. In a third window, | https://realpython.com/lessons/hosting-https-flask/#t=94.17 |
| I’m going to hit that with curl. | https://realpython.com/lessons/hosting-https-flask/#t=98.79 |
| 01:44 | https://realpython.com/lessons/hosting-https-flask/#t=104.28 |
| Uh-oh, that doesn’t look very good. What’s the problem? Well, | https://realpython.com/lessons/hosting-https-flask/#t=104.28 |
| by default, curl doesn’t know who the CA is. | https://realpython.com/lessons/hosting-https-flask/#t=109.2 |
| Charlie’s CA service isn’t in curl’s default list of CAs. | https://realpython.com/lessons/hosting-https-flask/#t=113.04 |
| 01:57 | https://realpython.com/lessons/hosting-https-flask/#t=117.48 |
| That means you have to tell curl about Charlie. You can tell | https://realpython.com/lessons/hosting-https-flask/#t=117.48 |
| curl about a different CA by passing in the CA’s public key on the command line. | https://realpython.com/lessons/hosting-https-flask/#t=121.62 |
| 02:07 | https://realpython.com/lessons/hosting-https-flask/#t=127.32 |
| You do that with the --cacert (CA cert) argument. | https://realpython.com/lessons/hosting-https-flask/#t=127.32 |
| 02:13 | https://realpython.com/lessons/hosting-https-flask/#t=133.98 |
| Well, that still didn’t work, but it’s a different error message this time. | https://realpython.com/lessons/hosting-https-flask/#t=133.98 |
| This time, it’s complaining that it doesn’t like the hostname | https://realpython.com/lessons/hosting-https-flask/#t=138.99 |
| '127.0.0.1'. | https://realpython.com/lessons/hosting-https-flask/#t=142.25 |
| 02:25 | https://realpython.com/lessons/hosting-https-flask/#t=145.86 |
| If you think back to the previous lesson, | https://realpython.com/lessons/hosting-https-flask/#t=145.86 |
| the CSR included two valid hostnames for the certificate: | https://realpython.com/lessons/hosting-https-flask/#t=147.96 |
| 'localhost' and 'alice.example.net'. '127.0.0.1' | https://realpython.com/lessons/hosting-https-flask/#t=152.34 |
| isn’t one of those valid hostnames, so the certificate doesn’t recognize it. | https://realpython.com/lessons/hosting-https-flask/#t=158.79 |
| 02:44 | https://realpython.com/lessons/hosting-https-flask/#t=164.25 |
| Even though your computer thinks localhost | https://realpython.com/lessons/hosting-https-flask/#t=164.25 |
| and 127.0.0.1 are the same thing, | https://realpython.com/lessons/hosting-https-flask/#t=166.32 |
| the certificate doesn’t. Most Certificate Authorities refuse to sign certificates | https://realpython.com/lessons/hosting-https-flask/#t=169.98 |
| for IP addresses, | https://realpython.com/lessons/hosting-https-flask/#t=175.89 |
| so you usually have to have a hostname. Third time’s the charm, | https://realpython.com/lessons/hosting-https-flask/#t=177.48 |
| this time with localhost. Still need the CA’s public key. | https://realpython.com/lessons/hosting-https-flask/#t=182.29 |
| 03:09 | https://realpython.com/lessons/hosting-https-flask/#t=189.75 |
| And there it is. | https://realpython.com/lessons/hosting-https-flask/#t=189.75 |
| shhhh, this is a secret. You’ve now successfully served your secret message over HTTPS. | https://realpython.com/lessons/hosting-https-flask/#t=191.73 |
| One thing to keep in mind is HTTPS only encrypts the channel. | https://realpython.com/lessons/hosting-https-flask/#t=198.06 |
| 03:22 | https://realpython.com/lessons/hosting-https-flask/#t=202.32 |
| It stops someone from sniffing the contents of the channel, | https://realpython.com/lessons/hosting-https-flask/#t=202.32 |
| but it doesn’t stop anyone from actually hitting the port. | https://realpython.com/lessons/hosting-https-flask/#t=205.59 |
| Anyone who’s willing to ignore a browser’s warning about an invalid certificate | https://realpython.com/lessons/hosting-https-flask/#t=209.64 |
| can still see the contents hosted on HTTPS. | https://realpython.com/lessons/hosting-https-flask/#t=213.75 |
| 03:38 | https://realpython.com/lessons/hosting-https-flask/#t=218.22 |
| You would need to combine the ideas from the Fernet code with this code to serve | https://realpython.com/lessons/hosting-https-flask/#t=218.22 |
| a secret message over HTTPS. | https://realpython.com/lessons/hosting-https-flask/#t=222.9 |
| 03:47 | https://realpython.com/lessons/hosting-https-flask/#t=227.64 |
| Congratulations! | https://realpython.com/lessons/hosting-https-flask/#t=227.64 |
| You’re now a CA capable of signing your own CSRs and hosting an HTTPS server | https://realpython.com/lessons/hosting-https-flask/#t=228.51 |
| with a self-signed certificate. In the last lesson, | https://realpython.com/lessons/hosting-https-flask/#t=233.64 |
| I’ll wrap up and show you some shortcuts that you could use to skip past all | https://realpython.com/lessons/hosting-https-flask/#t=236.79 |
| this code. | https://realpython.com/lessons/hosting-https-flask/#t=240.81 |
| April 5, 2021 | https://realpython.com/lessons/hosting-https-flask/#comment-02082de2-a35d-4501-9cfa-8dff6e05779e |
| April 6, 2021 | https://realpython.com/lessons/hosting-https-flask/#comment-36e2ae93-2738-4573-8758-fee91160b2e0 |
| April 7, 2021 | https://realpython.com/lessons/hosting-https-flask/#comment-91f54914-656d-49ca-89c2-b896ff2aa3cf |
| Sept. 3, 2024 | https://realpython.com/lessons/hosting-https-flask/#comment-6a697028-f29d-4f2a-93ee-a84aad226c35 |
| Sept. 3, 2024 | https://realpython.com/lessons/hosting-https-flask/#comment-ee88931c-6911-4fdc-a359-c5e5a3170ef9 |
| realpython.com/lessons/public-private-keys/ | https://realpython.com/lessons/public-private-keys/ |
| Sept. 3, 2024 | https://realpython.com/lessons/hosting-https-flask/#comment-23ca3a09-79df-4e13-a20f-98bd04e82d83 |
| Become a Member | https://realpython.com/account/join/ |
| https://realpython.com/lessons/coding-like-a-ca/ |
| Overview | https://realpython.com/courses/exploring-https-cryptography/ |
| https://realpython.com/lessons/exploring-https-summary/ |
|
Exploring HTTPS and Cryptography in Python (Overview) 11:05
| https://realpython.com/videos/exploring-https-overview/ |
|
Writing a Simple Server 10:20
| https://realpython.com/videos/write-simple-server/ |
|
A Brief Introduction to Cryptography 13:34
| https://realpython.com/lessons/brief-intro-cryptography/ |
|
Using Fernet Ciphers to Secure Your Content 05:46
| https://realpython.com/lessons/using-fernet-ciphers/ |
|
Exchanging Asymmetric Keys 12:56
| https://realpython.com/lessons/asymmetric-keys/ |
|
Creating Public and Private Keys 16:28
| https://realpython.com/lessons/public-private-keys/ |
|
Coding Like a Certificate Authority 09:32
| https://realpython.com/lessons/coding-like-a-ca/ |
|
Hosting HTTPS With Flask 04:03
| https://realpython.com/lessons/hosting-https-flask/ |
|
Exploring HTTPS and Cryptography in Python (Summary) 04:37
| https://realpython.com/lessons/exploring-https-summary/ |
| Privacy Policy | https://realpython.com/privacy-policy/ |
Viewport: width=device-width, initial-scale=1, shrink-to-fit=no, viewport-fit=cover