From your description should be client side. Yes, trying to access the server aka company intranet
Sent from OnePlus ONEPLUS A6000 using GAGT
First of all, I'm not expertly versed in Python, nor in the event-driven Twisted framework, so there are areas I may not be able to delve deeply into. So I will try to help you from my knowledge of SSL/HTTPS.
In your earlier post from the following piece of information
That is not private key related. It is the certificate chain. Normally your system will have a set of prepopulated root and intermediate certificates that are globally recognised. Some examples are root certificates from Go Daddy, Verisign, Symantec, Comodo, Amazon, Thawte, etc.
If your system is a public system, identified by a public hostname/domain name, then it is "normally" installed with certificates signed by one of these public Certificate Authorities (CA). In this case, your Python code will not need to supply certificate chain information/file.
When your client code attempts to connect to the server, part of the SSL negotiation dialogue is to present its public certificate to the client. The client will attempt to trace all the way to a trusted root certificate already installed in the system. If it can be done successfully, then the SSL connection is validated. If not, then the SSL is considered unsafe and should be revoked.
Should your company server be using a self-signed certificate, or a privately signed CA, then you will need to install the self-signed certificate or the private CA that signs the server certificate into the client system that is running the code. Doing so will allow validation of the server certificate.
In the image above, the orange portion is the server certificate; the green portion, which may or may not exist or can even have multiples, is the intermediate certificates that sign the server certificate. The blue portion is the root certificate that signs the intermediate certificates or the server certificates.
There are more details to this certificate validation process which I don't want to delve into, for the information above would already take you some time to digest.
You don't have to resort to the method provided.
The fragment of code from echoclient_ssl.py is explicitly referring to such a certificate chain file.
Code:
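from twisted.internet import ssl
from twisted.python.modules import getModule
# Load public.pem from beside this module and use it as the trust root for the server.
certData = getModule(__name__).filePath.sibling('public.pem').getContent()
authority = ssl.Certificate.loadPEM(certData)
options = ssl.optionsForClientTLS(u'example.com', authority)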
You can do so using
Code:
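from twisted.internet import ssl
# No trust root is passed, so the platform's trusted root certificates are used.
#certData = getModule(__name__).filePath.sibling('public.pem').getContent()
#authority = ssl.Certificate.loadPEM(certData)
options = ssl.optionsForClientTLS(u'example.com')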
if the server certificate returned by example.com is publicly signed, or signed by a private CA, or self-signed and the root certificate is found on your system running the Python client code.
I hope this helps to clarify the certificate doubts.
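The validation behaviour described in this post can be reproduced offline. The following is an added example, not part of the original post or of Twisted's echoclient_ssl.py: it uses the standard-library ssl module and the third-party cryptography package instead of Twisted, and the hostname, certificate and function names are constructed for the demonstration. The first client relies only on the system trust store, like optionsForClientTLS with no authority; the second is given the self-signed certificate as its trust root, like passing authority.

```python
import datetime, ssl, tempfile
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization as ser
from cryptography.hazmat.primitives.asymmetric import ec

HOST = "intranet.example.test"  # constructed hostname standing in for the intranet server

def make_self_signed():
    """Return (certificate PEM, key PEM) for a constructed self-signed server certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, HOST)])
    now, day = datetime.datetime.now(datetime.timezone.utc), datetime.timedelta(days=1)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(HOST)]), critical=False)
            .not_valid_before(now - day).not_valid_after(now + day).sign(key, hashes.SHA256()))
    return cert.public_bytes(ser.Encoding.PEM), key.private_bytes(
        ser.Encoding.PEM, ser.PrivateFormat.PKCS8, ser.NoEncryption())

def handshake_ok(client_ctx, server_ctx):
    """Run a TLS handshake over in-memory BIOs; return False when verification fails."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=HOST)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):  # a full handshake needs only a few round trips
        waiting = 0
        for side in (client, server):
            try:
                side.do_handshake()
            except ssl.SSLWantReadError:
                waiting += 1  # this side needs the peer's next flight
            except ssl.SSLError:
                return False  # includes SSLCertVerificationError (untrusted chain)
        if not waiting:
            return True
        s_in.write(c_out.read())  # deliver client -> server bytes
        c_in.write(s_out.read())  # deliver server -> client bytes
    return False

def trust_demo():
    """Return handshake results: (system trust store only, self-signed cert as trust root)."""
    cert_pem, key_pem = make_self_signed()
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with tempfile.NamedTemporaryFile(suffix=".pem") as f:  # load_cert_chain needs a file
        f.write(cert_pem + key_pem)
        f.flush()
        server.load_cert_chain(f.name)
    private = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    private.load_verify_locations(cadata=cert_pem.decode())  # trust only this certificate
    return handshake_ok(ssl.create_default_context(), server), handshake_ok(private, server)
```

Calling trust_demo() shows the client with only the system store rejecting the server, while the client that was given the certificate completes the handshake.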