First to explain our application, its as follows...
1)We have one UBUNTU server where we are running Apache Tomcat and also RESTCOMM.
2) We have two application war files. One is the main application and another is a customized OLYMPUS Application to facilitate WebRTC calls. Now our Main application has a menu option which when clicked will load customized OLYMPUS Application into the browser and facilitates the WEBRTC for users.
3) We have tested this properly by using Self Signed Certficate and all is working well. But now we want to use CA apporved SSL Cert.
4) for this we have bout SSL CERT from GODADDY and for this the CSR was generated for Apache and then by using that CSR we downloaded the SSL CERT for Apache and configured by following the same process of how we configured Self Signed Cert.
5) Our main application is working well with the newly installed CA SSL Certificate. But when we try to load the customized OLYMPUS application we are getting the following error ...Web socket connection to ‘wss://>:/’ failed: WebSocket opening handshake was canelled.
We are able to get all working with self signed cert, but we are stuck with this problem when we use CA Approved SSL Cert from GO DADDY.
Request your suggestions pls.
Thanks in advance
Ias M
You need to configure Restcomm to use SSL Cert as well since the Websokets secure connection goes directly to Restcomm. Which method are you using for runnning Restcomm, using the zip file or the docker image ? Also which version of Restcomm are you running ?
Related
I have a website built and running on IIS / Win 2012R2, its only accessible within my local network and will never reach the outside world.
Currently, I'm using a self-signed SSL certificate that I have installed on all my windows machines, no problem!
I now need to get the website to work on Android 7.7 tablets, without the chrome browser complaining about the use of a self-signed certificate. I'm not able to install my Self-Signed certificate on these devices so I need to use an online CA.
The question is, how can I link an online CA to our internal website? The key issue being I don't have a domain, the path to access the website is https://servername/website
Is this even possible at all?
We're not using Kestrel, nor IIS Express. We use IIS for local development. Thus we can't find out any command of dotnet dev-certs to help us.
We can create a self-signed certificate in IIS by going into server node, then Server Certificates, then Create a self-signed certificate, and give it a name and either Personal or Web Hosting, and it's created. Then use it in binding of our site (443, https, choosing certificate and domain.local)
However, when we want to go to domain.local in Google Chrome we get that untrusted certificate warning.
We can export certificate in IIS and double click it to install it in Windows. Now the error we see in Chrome is that this certificate is created for LocalComputerName and can't be used for domain.local.
At this point we're stuck at how to specify domains (Subject Alternative Names or SAN) for self-signed certificates, and how to automate this process from command line.
Any help?
Currently trying to see what https calls are made by a thick client application using JMeter HTTP(S) Test Script Recorder. However for some calls I am getting "Problem with SSL certificate for url for '...'? Ensure browser..."
The Apache Generated Certificate has been installed on the JRE used by the application as well as the keystores that are used by the application. This allowed us to begin recording and get some calls, however for one domain we do not get anything.
When the JMeter cert is installed on IE, we can access the domain without SSL error. Note that we do get an SSL error when trying to access without the proxy server - Is this related?
Bit stuck here unfortunately, I've been looking into a way we can use group policy to force the certificate to be used? Is this a good approach? (+ Would it even work?)
I'm trying to connect to my Meteor project via SSL/TLS.
Therefore I did the following:
meteor add force-ssl
in the meteor folder.
Then I start the programm with 'meteor'.
Everything is running fine on localhost, but if I want to connect to the server with giving the IP and Port over http, I get redirected to a https connection with the same IP and an 'Unable to connect message'.
Note: I created a certificate on my own an put it into the Meteor/server folder.
Does anyone know my mistake?
If you need to enable SSL support for your Meteor app deployed with Meteor Up. Now it has the support for SSL. You just need to tell where the SSL certificate and the key are.
If you are not familiar with the process of generating a SSL certificate, follow this guide.
Disclaimer: I'm the author of Meteor Up.
You can't just put the certificate inside Meteor/server folder. You will need a web server to proxy the request and configure that server with your certificate (Docs also say that, search for force-ssl: http://docs.meteor.com/)
I recommend you to put an nginx instance as the proxy. Here an example of how to do it: http://www.digicert.com/ssl-certificate-installation-nginx.htm
I am having the same issue with client certificates that many people have reported, but none of the solutions I've seen have worked for me. I have a client I wrote in VB.Net (using VS 2010 and .Net framework 4.0) that needs to connect to a web service running on Apache Tomcat/5.0.27. It works fine with SSL when client certificates are not required, but as soon as client certificates are required, it fails with “THE REQUEST WAS ABORTED: COULD NOT CREATE SSL/TLS SECURE CHANNEL”
Testing it with Internet Explorer (8, 9 and 10, on XP and Win7x32), when SSL is enabled (configured on Tomcat by setting sslProtocol="TLS" secure="true" scheme="https" in the system.xml file), but client certificates are disabled (clientAuth="false"), IE is happy after the CA certificate and the server certificate are installed on the client PC. (IE will complain without the certificates, but you can tell it to ignore the warning. When the certificates are installed, it connects without any warnings.) When client certificates are required (clientAuth="true"), IE will not connect. After I import the client certificate file, it still does not connect. IE shows that the client file is installed, and it shows the certificate is ok and it trusts the CA, but it shows it in what seems to be the wrong store: Intermediate Certificate Authorities, and client authentication is not ticked under Purpose. The MMC certificates snap-in shows the client certificate is in the Personal - Current User store.
The certificate was issued to us by the owners of the web service, so in theory it has to work. The properties look ok, and the purpose shows "All application policies".
I need to get this to work with my .Net client. I use a Web Reference to create the connection to the web service. I set PreaAuthenticate=True, and attach the certificate file to the web reference, and can see it attached in the IDE. Using Network Monitor, I can see that the server sends certificates to the client (in two large packets), but the client doesn't seem to send any back to the server.
I have tried various recommendations, e.g. setting ServicePointManager.Expect100Continue = true and
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3, but this makes no difference.
I have disabled firewalls and proxy servers, so nothing should be blocking the traffic.
I'd appreciate any help.
Ok, it turns out there is a problem with the certificate they supplied, or it is somehow incompatible with the client. I found instructions on using OpenSsl to create a certificate, and it works with their server. They used java's keytool to make the certificate, so either it creates an incompatible certificate, or they didn't use the right procedure, and the procedure I used with OpenSsl is the correct one.
The steps in OpenSsl are to create a private key file (client.key), create a certificate request (client.req), sign the key (client.pem) then export it (client.pfx).