I've just discovered Twisted in Python, and have been looking at the echoserv_ssl.py sample as found here: https://twistedmatrix.com/documents/14.0.0/core/howto/ssl.html. Just above the sample code, the page quotes "The following examples rely on the files server.pem (private key and self-signed certificate together) and public.pem (the server’s public certificate by itself)."

So being something of a novice when it comes to SSL certs and keys, I did some research, and found http://www.thegeekscope.com/how-to-generate-self-signed-ssl-certificate-in-linux/

I followed the instructions there, and pointed my echoserv_ssl.py at the created file (step 3). However, that, together with any of the cert files that we have locally on our system seem to produce the same error:

# python echoserv_ssl.py
2014-09-17 15:12:54+0000 [-] Log opened.
2014-09-17 15:12:54+0000 [-] Traceback (most recent call last):
2014-09-17 15:12:54+0000 [-]   File "echoserv_ssl.py", line 23, in <module>
2014-09-17 15:12:54+0000 [-]     task.react(echoserv_ssl.main)
2014-09-17 15:12:54+0000 [-]   File "/usr/lib64/python2.6/site-packages/twisted/internet/task.py", line 875, in react
2014-09-17 15:12:54+0000 [-]     finished = main(_reactor, *argv)
2014-09-17 15:12:54+0000 [-]   File "/root/Robot/Twisted/echoserv_ssl.py", line 16, in main
2014-09-17 15:12:54+0000 [-]     certificate = ssl.PrivateCertificate.loadPEM(certData)
2014-09-17 15:12:54+0000 [-]   File "/usr/lib64/python2.6/site-packages/twisted/internet/_sslverify.py", line 619, in loadPEM
2014-09-17 15:12:54+0000 [-]     return Class.load(data, KeyPair.load(data, crypto.FILETYPE_PEM),
2014-09-17 15:12:54+0000 [-]   File "/usr/lib64/python2.6/site-packages/twisted/internet/_sslverify.py", line 725, in load
2014-09-17 15:12:54+0000 [-]     return Class(crypto.load_privatekey(format, data))
2014-09-17 15:12:54+0000 [-]   File "build/bdist.linux-x86_64/egg/OpenSSL/crypto.py", line 2010, in load_privatekey
2014-09-17 15:12:54+0000 [-]   File "build/bdist.linux-x86_64/egg/OpenSSL/_util.py", line 22, in exception_from_error_queue
2014-09-17 15:12:54+0000 [-] OpenSSL.crypto.Error: []

This rather empty error code doesn't seem that informative to me. Can anyone explain where I'm going wrong?

Thanks!

There are lots of ways to do this, as you've probably noticed.

Coincidentally, I had to generate a key and self-signed certificate just a couple days ago. I decided to save the code (and check it in to Twisted) rather than lose it and have to recreate it later. Perhaps it will help you:

https://twistedmatrix.com/trac/browser/trunk/twisted/test/server.pem

As I mentioned, this is far from the only way to do it and probably not nearly the best way, either. However, I'm sure that it works (the resulting certificate is used in Twisted's TLS test suite).

Notice that the file is a runnable Python program (running it generates a new key and certificate) and a loadable pem file containing a private key and certificate.