1
votes

I am using Windows 7 and Python 2.7. I created a local HTTPS server with a redirect URL to the server as its IP address. I created a cert file for HTTPS using OpenSSL. Everything is fine, but I get an SSL Exception when it redirects to the local HTTPS server. Since this server is created locally every time my application is launched, we cannot buy an SSL certificate, since the redirect URL is the system's IP address. I used this for creating the local server. So, how do I avoid this SSL Exception?



2 Answers

0
votes

You can use as a workaround:

  • Use something like DynDNS (or a subdomain?) and buy an SSL certificate
  • Install your SSL certificate in your browser as a verified certificate
0
votes

Whoever is operating the server needs a valid certificate for it, matching the hostname used to visit the site.

If the application is only visited from the local machine, just call it using 127.0.0.1 instead of the external IP, without HTTPS. Since the data never leaves the machine, using HTTPS is pointless. (In this situation, you probably also want to bind the web server to 127.0.0.1 to prevent others from visiting the site).

If the application is visited from other machines on the network too, and you want to use SSL, whoever runs the application will need a certificate matching the hostname in the URL. You can't get certificates for private IPs (e.g. 192.168.1.1 or 10.2.3.4), but if it is a public IP, you might be able to get a certificate for that.

It is much more reasonable, though, to point some host name (DynDNS if your CA allows it, or a subdomain of a domain belonging to whoever runs the app) at the IP. For example, a company called Example owning example.com could use webapp.example.com, point it to their server, and get a cert for that. Whoever runs the server will need to deploy that certificate, and your app needs to be designed to accept it. You will need one certificate per customer site. No (secure) way around that if you want it to work on out-of-the-box browsers.

You might be able to simplify the process by providing automated workflows to request certificates, or even creating your own dyndns-like service for your customers, where they can register theirname.yourservice.com, get it pointed to the IP of their desire, and get a cert for their host from you. (This requires them to trust you a lot and is somewhat of an antipattern, but possibly the least nasty solution.) You still need to make sure that every customer has their own certificate. Most importantly, DO NOT try getting a wildcard certificate for such a domain and distributing the cert and private key together with the app. Anyone who has a copy of your app would be able to attack the "secure" connections. More importantly, once the CA finds out, your cert gets revoked, and that will prevent access to the site with a very harsh warning and no way to bypass the warning. And probably get you in trouble with the CA for violating your agreement with them to safeguard the private keys.

Another option, though, is to just generate a self-signed certificate on first startup, and output the fingerprint. Do not use the same hardcoded certificate for all installations, as convenient as it may be, because a private key distributed to all your customers is not private. This certificate will generate the warning you are seeing. You will now have to add this certificate or an exception for this site to the browsers used to visit the app. As long as you verify the fingerprint, this is secure - it is just more work. Depending on the browser users are using, there may be ways to easily roll out such a cert to multiple machines.
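The last option above, generating a per-installation self-signed certificate on first startup and printing its fingerprint, as an added example in Python 3 that is not code from the question or either answer. It assumes the `openssl` command-line tool is on PATH (OpenSSL 1.1.1 or newer for `-addext`), binds only to 127.0.0.1 as the answer suggests, and the `~/.myapp-tls` directory name is a hypothetical choice.

```python
"""Per-installation self-signed certificate: created once, reused afterwards.
Assumes the openssl CLI is available; Python 3 standard library only."""
import hashlib
import os
import ssl
import subprocess
from http.server import HTTPServer, SimpleHTTPRequestHandler


def ensure_cert(cert_dir, ip="127.0.0.1"):
    """Return (key_path, cert_path); generate the pair only on first startup.
    Each installation gets its own key, so no private key is ever shared."""
    os.makedirs(cert_dir, exist_ok=True)
    key_path = os.path.join(cert_dir, "key.pem")
    cert_path = os.path.join(cert_dir, "cert.pem")
    if not (os.path.exists(key_path) and os.path.exists(cert_path)):
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
             "-keyout", key_path, "-out", cert_path, "-days", "365",
             "-subj", "/CN=" + ip,
             # Browsers match the IP against the SAN, not the CN.
             "-addext", "subjectAltName=IP:" + ip],
            check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        os.chmod(key_path, 0o600)  # owner-only on POSIX; no-op on Windows
    return key_path, cert_path


def cert_fingerprint(cert_path):
    """SHA-256 over the DER encoding, colon-separated like browsers show it,
    so a user can compare it against the browser's certificate dialog."""
    with open(cert_path) as f:
        der = ssl.PEM_cert_to_DER_cert(f.read())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def serve(cert_dir, host="127.0.0.1", port=8443):
    """Serve HTTPS on the loopback address only, printing the fingerprint."""
    key_path, cert_path = ensure_cert(cert_dir, host)
    print("Certificate SHA-256 fingerprint:", cert_fingerprint(cert_path))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_path, key_path)
    httpd = HTTPServer((host, port), SimpleHTTPRequestHandler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()


if __name__ == "__main__":
    serve(os.path.join(os.path.expanduser("~"), ".myapp-tls"))  # hypothetical dir
```

The browser will still warn on first visit; the user compares the printed fingerprint with the one in the warning dialog before adding the exception, which is what makes the exception safe to add.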