
Oudarja/Implementation_of_HTTPS_by_FastAPI


OpenSSL is a widely used, open-source software library and toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

It provides cryptographic functions for securing communications over networks, such as the internet.

Most Linux distributions (Ubuntu, Debian, Fedora, etc.) install OpenSSL by default because it is used for:

  • HTTPS
  • SSH
  • package downloads
  • system security
  • certificates

So it is usually already present.

Steps to set up HTTPS:

  • openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

    This command generates an HTTPS private key and a self-signed certificate:

    • key.pem → private key
    • cert.pem → certificate

    1. -x509: This tells OpenSSL to generate a self-signed certificate. Normally certificates are signed by a Certificate Authority (CA) like:

      • Let's Encrypt
      • DigiCert
      • GlobalSign

      But -x509 means the server signs its own certificate, so browsers show a "Connection not private" warning because the certificate is not trusted by a CA.

      Used only for:

      • local development
      • testing
      • internal systems

      Usually trusted certificates from a Certificate Authority (CA) cost money.

    2. -newkey rsa:4096: This creates a new private key:

      • encryption algorithm → RSA
      • key size → 4096 bits
      • larger key = more secure

      -keyout key.pem: Save the private key to key.pem. This file must never be shared. Only the server uses it.

    3. -out cert.pem: Save the certificate to cert.pem. This contains:

      • public key
      • organization info
      • signature
      • expiration date

      This file can be shared publicly.

    4. -days 365: The certificate will be valid for 365 days. After that it expires.

    5. -nodes: No DES encryption, meaning the private key is written to key.pem without a passphrase. Without this option OpenSSL would ask: Enter passphrase for key.pem. Then every time the server starts you must type the password. -nodes removes that requirement. Used for development servers.

  • uvicorn app:app --host 0.0.0.0 --port 8443 --ssl-keyfile=key.pem --ssl-certfile=cert.pem

    This starts the API on https://localhost:8443. Note that --host 0.0.0.0 makes the server listen on all network interfaces, not only localhost.

  • Real Production Flow (Important): In production, -x509 is not used. Instead:

    • Server → Generate CSR (Certificate Signing Request)
    • CSR → Sent to Certificate Authority
    • CA → Issues trusted certificate

    Example CA:

    • Let's Encrypt
    • Cloudflare
    • DigiCert

    The command used is then:

    openssl req -new -key key.pem -out mycsr.csr

    The CSR contains:

    • Public key
    • Domain name
    • Organization info

    Send the CSR to the CA.

    The CA verifies:

    • You control the domain
    • Your organization info (for extended validation)

    The CA issues a certificate that is:

    • Signed by the CA
    • Trusted by browsers

    It can then be installed on the server, and browsers trust this certificate automatically.
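
As an added example (not code from this repository), the script below runs the certificate and CSR commands above non-interactively and checks the results: key.pem permissions, that the private key matches the certificate and the CSR, and the expiry window. It assumes OpenSSL 1.1.1 or later (for -addext); the localhost subject and SAN values and the function names are illustrative.

```bash
# Added example, not from the repository. Assumes OpenSSL 1.1.1+ (for -addext);
# the "localhost" subject/SAN values and the function names are illustrative.

# Non-interactive form of the README command; writes key.pem and cert.pem into $1.
make_dev_cert() {
  (
    umask 077   # key.pem is created readable by its owner only (0600)
    openssl req -x509 -newkey rsa:4096 -nodes -days 365 \
      -keyout "$1/key.pem" -out "$1/cert.pem" \
      -subj "/CN=localhost" \
      -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" 2>/dev/null
  ) || return 1
  chmod 644 "$1/cert.pem"   # the certificate is public material
}

# CSR for the production flow, reusing the existing key ($1 = key, $2 = output CSR).
make_csr() {
  openssl req -new -key "$1" -out "$2" -subj "/CN=localhost" 2>/dev/null
}

# Print the public key carried by a private key, certificate or CSR.
pubkey_of() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

# Succeeds only if the private key in $1 belongs to the file $3 of type $2 (cert|csr).
key_matches() {
  local k o
  k=$(pubkey_of key "$1") || return 1
  o=$(pubkey_of "$2" "$3") || return 1
  [ -n "$k" ] && [ "$k" = "$o" ]
}

# Succeeds if the certificate in $1 expires within the next $2 seconds
# (an unreadable certificate is also reported as expiring).
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Usage: make_dev_cert . && key_matches key.pem cert cert.pem && echo "key and cert match"
```

Running key_matches before starting uvicorn catches a mismatched --ssl-keyfile/--ssl-certfile pair, and expires_within can be scheduled to warn before the 365-day validity ends.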

About

This repository implements a simple endpoint secured by the HTTPS (secure HTTP) protocol (for testing purposes only). OpenSSL has been used here to create cert.pem and key.pem. Instead of a certificate issued by a CA (Certificate Authority), a self-signed certificate has been created.
