I'm building an Expo (React Native) app in which I need to talk to multiple internal servers that user self-signed SSL certificates.
I've been able to bypass the SSL issues when making an HTTPS request by using rn-fetch-blob.
However, I haven't been able to figure out how to bypass those same issues when using the Websocket API.
Is there a way to bypass SSL certificate issues when connecting to wss://<some-ip>:<some-port>?
When I try to connect to the wss:// endpoint on the server, I see an error on the server logs that terminates the connection:
Illegal SNI hostname received [49, 50, 55, 46, 48, 46, 48, 46, 49]
However, if I disable TLS and use an insecure endpoint ws:// then it all works fine.
Related
I created a message flow having rest request node to connect to an API. API security enabled received the following error:
BIP3165S: An error occurred whilst performing an SSL socket operation.
Operation: connect. Error Text: javax.net.ssl.SSLHandshakeException:
com.ibm.jsse2.util.j: PKIX path building failed:
com.ibm.security.cert.IBMCertPathBuilderException: unable to find
valid certification path to requested target.
How do I solve this issue in my message flow?
I disabled SSL but still received the same error.
What is the SSL client and server endpoints? Assuming this connection is:
WAS (server) <------SSL------> API (Client)
In one-way SSL, the solution is to add the root or intermediate certificate (from the WAS server's chain) to the client's trust store.
"PKIX path building failed" usually indicates that the SSL client was unable to authenticate the SSL server (remote host). To authenticate the server, the client needs to have the server's root or intermediate certificate in its trust store.
If this is happening with traditional WebSphere as the client, we can try to add the signer certificate with retrieve from port.
If mutual authentication is enabled, the issue can be with the server being unable to authenticate the client.
Either way, an SSL exception should not occur with SSL disabled. Maybe the server wasn't re-started after disabling SSL? Maybe SSL wasn't disabled correctly (on both endpoints)? Maybe the API was still trying to use HTTPS with SSL disabled?
I am forcing a dummy SSL for my localhost running through xampp. Now I am using web sockets which asks for 'wss:' instead of 'ws:'. But when using 'wss', I am getting the following Error:
WebSocket connection to 'wss://192.168.1.5/?aswin' failed: WebSocket opening handshake was canceled
I am new to this, I don't know what's causing this issue.
Remember to change the port number to a one different to the one you used for not secure connections. Some browsers get confused if suddenly a port becomes secure or viceversa.
Remember to use the hostname indicated in the certificate to connect and not the IP.
If you are using a self-signed certificate, use it for HTTPS so you can see the dialog for accepting that certificate. When accessing via WSS:// there is not certificate acceptance dialog, it will just fail to connect.
I can't get CouchDB working over SSL. The certificates are fine, and indeed I have tested with self signed, and the test certificates for Couch at https://github.com/mochi/mochiweb/blob/master/examples/https/
It's an Ubuntu box, running couch 1.6.1 and the SSL certificates all check out when checked at https://www.digicert.com/help/
The error does not appear when testing via curl, but does when attempting connection from a browser. The error line in the log is:
SSL: certify: tls_connection.erl:375:Fatal error: decode error
When I used set doc=db.GetDocumentByURL(url,1,1,,,,,False) to get a page/file under http, it returned the web page/file successfully as a Notes document.
But when I used set doc=db.GetDocumentByURL(url,1,1,username,password,,,False) to get an ssl page/file under https, where url is like "https://docs.google.com/document/d/xxxxoooo/edit", it failed and the remote console showed the error messages:
SSL Error: Keyring File access error
Connection interrupted: SSL Error: Bad or missing remote certificate
Can't db.GetDocumentByURL() access an ssl page/file? What should I do?
Assuming you are using Windows - make sure that IE can open the page. I've seen this problem in case the server's SSL certificate was self-signed and installing it in IE solved the problem.
I want to use CharlesProxy to sniffer https requests ,i've installed the cert in my iphone, and set using ssl in CharlesProxy,but when the app make requests, Charles Proxy displays:Received Close notify during handshake
In the newer versions of Charles, the SSL certificate must be installed on the device from charlesproxy.com/getssl, while the device is already being proxied through the Charles instance that you want to use.
(As opposed to installing the SSL certificate from charlesproxy.com/charles.crt, with or without being proxied.)
Did you do this?