I have created two classes server and client. Server starting with ssl as below
HttpServer server =
vertx.createHttpServer(new HttpServerOptions().setSsl(true).setKeyStoreOptions(
new JksOptions().setPath("server-keystore.jks").setPassword("wibble")
));
Also one more i.e. client
vertx.createHttpClient(new HttpClientOptions().setSsl(true)).getNow(4443, "localhost", "/", resp -> {
System.out.println("Got response " + resp.statusCode());
resp.bodyHandler(body -> System.out.println("Got data " + body.toString("ISO-8859-1")));
});
While running both On client I am getting "Failed to create SSL connection". Is there any way to configure anything related to ssl?
To enable ssl in vertx you can use keystore.jks file
Then use following configuration :
HttpServerOptions secureOptions = new HttpServerOptions();
if (Configuration.SSL_enabled) {
LOG.debug("Secure Transport Protocol [ SSL/TLS ] has been enabled !!! ");
secureOptions.setSsl(true)
.setKeyStoreOptions(new JksOptions().setPath(Configuration.SSL_filename)
.setPassword(Configuration.SSL_password))
.setTrustStoreOptions(new JksOptions().setPath(Configuration.SSL_filename)
.setPassword(Configuration.SSL_password))
.addEnabledSecureTransportProtocol(Constants.TLS_VERSION_1)
.addEnabledSecureTransportProtocol(Constants.TLS_VERSION_2);
}
vertx.createHttpServer(secureOptions).requestHandler(router::accept).listen(Configuration.port);
I hope this will help you :)
Related
I'm trying to implement an mqtt over websocket client subscriber in Blazor using Paho. The problem is it insists on using wss instead of ws and throws an ERR_SSL_PROTOCOL_ERROR error upon connection.
Here's a simplified code block:
var mqtt;
var host = "api.mydomainexample.com";
var port = 1884;
function onConnect(){
console.log("connected ! Now listening for messages ..");
mqtt.subscribe("someTopic");
}
function onFailure(message){
console.log("connection to host failed: " + message);
}
function onMessageArrived(msg){
var message = "Message received on topic '"+ msg.destinationName +"': "+ msg.payloadString;
console.log(message);
}
function mqttConnect() {
console.log("connecting to " + host + " ..");
mqtt = new Paho.MQTT.Client(host, port, clientid);
var options = {
timeout: 3,
onSuccess: onConnect,
onFailure: onFailure,
useSSL: false
};
mqtt.onMessageArrived = onMessageArrived;
mqtt.connect(options);
}
I copied this code into an html page created in notepad, called the function from the html body and ran the file in browser. It worked and subscribed well.
Also I added useSSL: false in the connection options although I didnt have it before but still didnt work.
here's the error I'm having from console:
WebSocket connection to 'wss://api.mydomainexample:1884/mqtt' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
I also changed my projects launch settings so that it launches as http and not https because based on this answer, I cannot use a ws from a page loaded through https.
Any ideas ? Can't I just connect to a websocket without certificate in blazor?
Ok it turns out that when creating the blazor application, there is an option to 'configure on https' where this option causes requests redirection from http to https and consequently asks for secure wss instead of ws.
Hope this helps someone!
I am trying to connect to wss(proxy) with self-signed certificate using wscat and browser but it giving me errors.
https running on 8443 with certificate cert.pem
proxy running on 8080 with secure true
Things I have tried to make sure my secure server is running properly.
I can reach https://localhost:8443 and receive "hello from a secure world"
I can connect to wss://localhost:8443 with wscat wscat -c wss://localhost:8443 --ca cert.pem and it works
Errors I get:
I cannot reach the proxy https://localhost:8080 from browser. I get This site can’t provide a secure connection and 500 status code
I cannot connect to wss://localhost:8080 with wscat -c wss://localhost:8080 --ca cert.pem I get error: write EPROTO 140266887743360:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
What I think the issue is that my proxy server is unable to take the cert.pem and pass it to the https server. I have looked everywhere but I can't find how to connect to wss(proxy) with a self-signed certificate. I can't supress the
/server
const app = express()
app.use('/', function (req, res) {
res.writeHead(200);
res.end("hello from a secure world\n");
})
export const server = https.createServer({
cert: fs.readFileSync(path.resolve(__dirname, 'cert.pem'), 'utf-8'),
ca: fs.readFileSync(path.resolve(__dirname, 'cert.pem'), 'utf-8'),
key: fs.readFileSync(path.resolve(__dirname, 'server.key'), 'utf-8')
}, app)
const wss = new WebSocket.Server({ server });
wss.on('connection', function connection(ws) {
console.log("connected");
ws.on('message', function incoming(message) {
console.log('received: %s', message);
ws.send('hello from server!, the time is: ' + timestamp());
});
});
/Proxy
const wsProxy = createProxyMiddleware('/', {
target: `https://localhost:8443`,
changeOrigin: true,
secure: true,
ws: true,
ssl: {
cert: fs.readFileSync(path.resolve(__dirname, 'cert.pem')),
}
});
const app = express();
app.use(wsProxy);
const proxy = app.listen(8080)
proxy.on('upgrade', wsProxy.upgrade); // <-- subscribe to http 'upgrade'
Okay, it turned out that I was missing something crucial there. There wasn't really a "proxy websocket" I was confusing https proxy with websocket proxy. Once I made sense of that it solved my problem. I had to create a websocket with using https server(with cert and key) then I could just connect to the wss with the same cert and key :)
I have an Apache webserver with a valid SSL certificate. It runs my web application on it. Let's call it Server A.
Then I have a second server running a Node-Js server with a valid SSL certificate. There also socket.IO runs. And this one we call Server B.
A client requests the web application at server A and gets the desired page displayed. If the page is set up at the client, a connection to server B is established via websockets. If another client should change something on the page, it will be adapted for all currently connected clients.
Websockets work as desired. As long as the page is accessed via a computer browser.
If I now go to the website with my smartphone (Iphone 7) via Safari or Chrome (WLAN), no connection to the websocket server (Server B) is established.
Then I set up a small websocket example on http without encryption.
There the websockets work on the smartphone browser.
I hope I could describe my problem understandably. I am very grateful for hints, examples or similar.
// This script run on my Server
const fs = require('fs');
const server = require('https').createServer({
key: fs.readFileSync('myserver.key', 'utf8'),
cert: fs.readFileSync('myserver.cer', 'utf8'),
passphrase: ''
});
let io = require('socket.io')(server);
server.listen(3003);
io.on('connection', function (socket) {
console.log("User Connected connect " + socket.id);
socket.on('disconnect', function () {
console.log("User has close the browser " + socket.id);
});
socket.on('feedback', function (data) {
io.sockets.emit('feedback', data);
});
});
// On Clientsite
socket = io.connect('wss://adressOfServer:3003', {
// secure: true,
transports: ['websocket'],
upgrade: false,
rejectUnauthorized: false
//Here I have already tried many combinations
});
socket.on('connect_error', function (error) {
// alert(error);
});
After setting up parse on https I receive this message .
'WARNING, Unable to connect to https://localhost:2096/parse'.
Cloud code and push notifications may be unavailable!
here is my configuration :
serverURL: 'https://localhost:2096/parse',
publicServerURL: 'https://core.com:2096/parse',
var credentials = {key: privateKey, cert: certificate};
var port = 2096;
var httpsServer = require('https').createServer(credentials, app);
any idea how to make it work ?
Regards
I am trying to figure out how can I connect to Odata with ssl certificate authentification. We are using it with openUI5. Application is running as mobile application.
I tried several connection types on mobile device:
http is working good
https with optional certificate works good
https with required certificate Cannot access data
I also tried several connection types from browser:
http is working good
https with optional certificate works good
https with required certificate Can access data
So i was thinking that when I specify the certificate inside of header when creating the oModel inside of the app, it would work. But I don't know how to specify it correctly.
I tried to access certificates using this class:
https://help.sap.com/saphelp_smp235/helpdata/en/94/78b8de6c9110149d2cd7d1ca6ec99d/content.htm
It looks like this:
var certStore = listAvailableCertificatesFromFileSystem();
var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
var cert = certStore.getSignedCertificateFromFile(certPaths[0], servicePassword);
var headersMap = [];
headersMap["SSL_CLIENT_CERT"] = cert.signedCertificate; // here I dont know how could I access it.
this.oModel = new sap.ui.model.odata.v2.ODataModel(this.serviceUrl, {
user: serviceLogin,
password: servicePassword,
withCredentials: true,
disableHeadRequestForToken: false,
useBatch: false,
headers: headersMap // here i specify the header...
});
Thank you