Intel® Collaboration Suite for WebRTC
Community support and discussions on the Intel® Collaboration Suite for WebRTC (Intel® CS for WebRTC).
1152 Discussions

Error in SSl connection version 2.0

Artem_M_
New Contributor I
‎01-24-2015 01:37 PM
722 Views

Version 2.0 can have ssl mode. The property for this is 

config.erizoController.ssl = true;

Our own certificates were replaced fine and anything worked... only in Chrome.

But Mozilla Throws Exception

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673. This can be fixed by moving the resource to the same domain or enabling CORS.


When we tried to open   https://xxxxx:8080/   Mozilla told us that certificate is unsecure.
So in default configuration our certificates weren't requested for ErizoController socket.io/1/

We had to change file ErizoController.js in part of enabling socket.io

 

i = require("https").createServer({
    key: require("fs").readFileSync(config.certificate.key).toString(),
    cert: require("fs").readFileSync(config.certificate.cert).toString(),
    passphrase: config.certificate.passphrase,
    ca: config.certificate.ca
}


was changed to 

i = require("https").createServer{
    key: fs.readFileSync(config.certificate.key2),
    cert: fs.readFileSync(config.certificate.cert2),                            
    requestCert: true
};

config.certificate.key2,config.certificate.cert2 - is Full path to certificate and key like /home/xxx/Release-v2.0/...    

after that - mozilla understood the certificate.    

0 Kudos

Link Copied

3 Replies
Chunbo_H_Intel1
Employee
‎01-26-2015 07:29 AM
722 Views

Hi Artem,

Do your certification have any difference between key/pem and key2/pem2?

0 Kudos
Copy link
Artem_M_
New Contributor I
‎01-26-2015 09:12 AM
722 Views

No - it is the same certificates. The only difference is key/cert   - has format like '../cert/cert.key' 

and key2/cert2 - has absolute way like '/var/cert/.../cert.key'

Work both with .key/.cert  formats and    key.pem/cert.pem

passphrase and ca - are empty for me - so i removed it from start script

0 Kudos
Copy link
Chunbo_H_Intel1
Employee
‎02-05-2015 07:43 PM
722 Views

Hi Artem,

We have tested the scenario you provided, and here is the result:

1. Create the cert.pem and key.pem with no passphrase
2. Set any value or null for config.certificate.passphrase in woogeen_config.js
3.set config.erizoController.ssl = true; in woogeen_config.js

the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673 can be accessed.

pass


1. Create the cert.pem and key.pem with no passphrase
2. Set any value or null for config.certificate.passphrase in woogeen_config.js
3.set config.erizoController.ssl = true; in woogeen_config.js      4.set the correct absolute path or relatively path for  config.certificate.cert and config.certificate.key

the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673 can be accessed.

pass

1. Create the cert.pem and key.pem with passphrase
2. Set right value or illegal for config.certificate.passphrase in woogeen_config.js
3.set config.erizoController.ssl = true; in woogeen_config.js

the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673 can be accessed only the passphrase was correct.

pass

It seems to be OK and as expected...

Can you upload the certificate files you used whose passphrase and ca are empty?

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.