1. 生成证书
   （1）生成rsa密钥 openssl genrsa -des3 -out server.key 1024
   （2）去掉密钥文件保护密码 openssl rsa -in server.key -out server.key
   （3）生成ca对应的csr openssl req -new -key server.key -out server.csr
   （4）自签名 openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
   （5）cat server.crt server.key > server.pem

2. python脚本

   #!/usr/bin/python
   
   from twisted.web import resource
   from twisted.web import server as webserver
   from twisted.internet import reactor
   from OpenSSL.SSL import Context, TLSv1_METHOD
   import time, threading, logging
   
   HTTPS_PORT = 443
   
   class HTTPServer(resource.Resource):
       isLeaf = True
   
       def getarg(self, req, arg):
           args = req.args
           if arg not in args or len(args[arg]) == 0:
               return None
           return args[arg][0]
   
       def render_POST(self, request):
           print(request.content.read())
           return b"abc"
   
       def render_GET(self, request):
           return b"get"
   
   class ContextFactory:
       def __init__(self, context):
           self.context = context
   
       def getContext(self):
           return self.context
   
   
   def main():
       cert = "./server.crt"
       key = "./server.key"
   
       httpserver = webserver.Site(HTTPServer())
       context = Context(TLSv1_METHOD)
       context.use_certificate_chain_file(cert)
       context.use_privatekey_file(key)
   
       reactor.listenSSL(HTTPS_PORT, httpserver, ContextFactory(context), interface='0.0.0.0')
   
       reactor.run()
   
   
   if __name__ == '__main__':
       main()

3. 在 mac 钥匙串中将证书种类标记成 系统，同时在证书处改成SSL始终信任