Starting a Simple SSL/TLS Web Server for Software Development and Testing

Starting a Simple SSL/TLS Web Server for Software Development and Testing

Sometimes you just need a simple SSL/TLS (https) webserver quickly available for testing or software development but it’s a pain to have to install and configure a full blown heavyweight webserver for this purpose.

Starting an SSL web server can however easily be achieved in Python in only a couple of lines of code.

Under no circumstances use the below method for production or expose it to the open internet as it’s insecure. Use only as a personal development or testing server.

The first thing you need is a certificate and private key for the server. For a production system these are obtained from a commercial supplier or a free alternative like Let’s Encrypt. But what if you just want something quick and easy for testing? Well you can make your own (self-signed certificate) easily on the command line using openssl. This is no use for a production server as it will generate security warnings but is fine for a personal test server as you can just ignore the messages.

Run the following command which will generate the key and certificate:

openssl req -new -x509 -nodes -out server.crt -keyout server.key

You’ll be asked a number of questions as below. Just hit return and enter nothing for every question as we don’t care about the validity of the certificate:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Now combine the certificate and key into a single (PEM) file like this:

cat server.crt server.key > cert_and_key.pem

Now run the following Python script:

#!/usr/bin/env python3

import http.server, ssl

server_address = ('localhost', 4443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
                               server_side=True,
                               certfile='cert_and_key.pem',
                               ssl_version=ssl.PROTOCOL_TLS)
httpd.serve_forever()

And that’s it. Your SSL web server is now available on port 4443. Point your web browser at:

https://localhost:4443/

The attentive reader might notice one immediate security problem with this which is the server’s key is in the same directory as the web server is serving and therefore any user of the server can access the key! You might want to move it to a different directory :)

You’ll get a horrendous looking security warning from your browser when you try to access the server. However there should be an option to just click through it somewhere and ignore it. It’s just telling you the certificate is not trusted by the web browser, which it isn’t because we made it ourselves and didn’t use a proper trusted authority. This example is from Firefox and the option to bypass the warning is under “Advanced”.