Secure websockets

Hi

I'm trying to get Photon set up to receive web socket connections that are secured using our SSL certificate.

Running certmgr.msc, I have imported the certificate with the friendly name "GenericSoccoramaCert". The certification path is also reported OK: "GenericSoccoramaCert" -> "AlphaSSL CA - G2" -> "GlobalSign".

The certificate is in the personal certificates section.

I've set up the WebSocketListeners like this in the PhotonServer.config:
<WebSocketListeners>
      <WebSocketListener
        IPAddress="0.0.0.0"
        Port="5055"
        DisableNagle="true"
        InactivityTimeout="60000"
        OverrideApplication="WOFMasterServer"
        secure="true"
        storename="My"
        certificatename="GenericSoccoramaCert"
        usemachinestore="false">
      </WebSocketListener>
      <WebSocketListener
        IPAddress="0.0.0.0"
        Port="5056"
        DisableNagle="true"
        InactivityTimeout="60000"
        OverrideApplication="WOFLobbyServer"
        secure="true"
        storename="My"
        certificatename="GenericSoccoramaCert"
        usemachinestore="false">
      </WebSocketListener>
      <WebSocketListener
        IPAddress="0.0.0.0"
        Port="9090"
        DisableNagle="true"
        InactivityTimeout="60000"
        OverrideApplication="WOFOnlineActivityServer"
        secure="true"
        storename="My"
        certificatename="GenericSoccoramaCert"
        usemachinestore="false">
      </WebSocketListener>
</WebSocketListeners>

I've created a DNS entry, localhost.soccorama.com, that resolves to 127.0.0.1. This works when running the website locally with SSL on.

I've inserted console.log into the prepareUrl() function to see what url the web socket is opened on.
WS prepareUrl: wss://localhost.soccorama.com:9090/

localhost.soccorama.com is covered by our SSL certificate and it works with the site running locally from Apache on my machine.

Then after a couple of seconds I get:
WebSocket is closed before the connection is established. localhost.soccorama.com

So it seems to me it's trying to connect as it should but there seems to be no answer.

I've mailed back and forth with Stefan and finally he suggested taking it on the forums so everyone could benefit.

Any ideas?

Hans-Henrik Jensen - Soccorama.com

Comments

  • Works fine if I just change these options:

    In the WebsocketListener:
    secure = false

    in Firefox (about:config):
    network.websocket.allowInsecureFromHTTPS = true

    Chrome doesn't seem to care about insecure websockets from https..

    - HH
  • I've also tried adding the certificate to the local computer store as shown here: http://support.microsoft.com/kb/232137

    Still doesn't work.

    - HH
  • The WebSocketListeners still seem to act as without ssl.

    I sometimes get lines like these in the Photon-Instance-20120910.log
    4872: 16:10:24.739 - CTCPWebSocketServer::ReadCompleted - Exception - CHandshakeParser::ParseMethod() - Unexpected method, expected: "GET" got: "<binary stuff>

    Also, if I try forcing it to connect using ws:// without SSL, it connects fine.

    - HH
  • Argh, seems the code snippet parser in our docs is messing things up, lowercasing all 'XML'.

    Since Photon config is case sensitive please try with the below, merging in the affected attributes:
    <WebSocketListeners>

        <!-- Web Sockets Listener with SSL -->
        <WebSocketListener
            IPAddress="0.0.0.0"
            Port="9091"
            DisableNagle="true"
            InactivityTimeout="10000"
            OverrideApplication="Lite"
            Secure = "true"
            StoreName = "My"
            CertificateName = "MyCustomCertificate"
            UseMachineStore = "false">
        </WebSocketListener>

    </WebSocketListeners>
    
  • That did it. Also the CertificateName was not the FriendlyName but the IssuedTo name.
    <WebSocketListener
            IPAddress="0.0.0.0"
            Port="9090"
            DisableNagle="true"
            InactivityTimeout="60000"
            OverrideApplication="WOFOnlineActivityServer"
            Secure="true"
            StoreName="MY"
            CertificateName="*.soccorama.com"
            UseMachineStore="false">
    </WebSocketListener>
    

    Thanks!
  • Thank you for your patience, am glad the banana got finally yellow ... ;)
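
The failure in this thread was silent: the listeners with lowercased attributes started and served plain ws://. The following is an added example, not code from Photon or from the posters: a small check that flags miscased WebSocketListener attributes before deployment. The attribute list is taken from the working config above; that miscased attributes are ignored is an assumption drawn from the behaviour described in the thread.

```python
import xml.etree.ElementTree as ET

# Attribute spellings exactly as they appear in the working config in this thread.
KNOWN = ["IPAddress", "Port", "DisableNagle", "InactivityTimeout",
         "OverrideApplication", "Secure", "StoreName", "CertificateName",
         "UseMachineStore"]
BY_LOWER = {name.lower(): name for name in KNOWN}

def lint_listeners(xml_text):
    """Return (port, message) findings for each WebSocketListener element."""
    findings = []
    for listener in ET.fromstring(xml_text).iter("WebSocketListener"):
        port = listener.get("Port", "?")
        for attr in listener.attrib:
            expected = BY_LOWER.get(attr.lower())
            if expected and attr != expected:
                findings.append(
                    (port, f'attribute "{attr}" must be spelled "{expected}"'))
        # Assumption: only the exactly cased attribute is honoured, so a
        # listener with secure="true" is treated as having no Secure setting.
        if listener.get("Secure", "").lower() != "true":
            findings.append((port, "listener will accept plain ws:// (no TLS)"))
        elif not listener.get("CertificateName"):
            findings.append((port, "Secure is set but CertificateName is missing"))
    return findings

# Constructed sample: one listener as first posted, one as finally fixed.
SAMPLE = """<WebSocketListeners>
  <WebSocketListener IPAddress="0.0.0.0" Port="5055"
      secure="true" storename="My"
      certificatename="GenericSoccoramaCert" usemachinestore="false">
  </WebSocketListener>
  <WebSocketListener IPAddress="0.0.0.0" Port="9090"
      Secure="true" StoreName="MY"
      CertificateName="*.soccorama.com" UseMachineStore="false">
  </WebSocketListener>
</WebSocketListeners>"""

if __name__ == "__main__":
    for port, message in lint_listeners(SAMPLE):
        print(f"port {port}: {message}")
```

The check does not verify that CertificateName matches a certificate's "Issued To" value in the store, which was the second problem found in the thread.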