Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor I
5 Views

Error in SSl connection version 2.0

Version 2.0 can have ssl mode. The property for this is 

config.erizoController.ssl = true; 

Our own certificates were replaced fine and anything worked... only in Chrome.

But Mozilla Throws Exception

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673. This can be fixed by moving the resource to the same domain or enabling CORS.


When we tried to open   https://xxxxx:8080/   Mozilla told us that certificate is unsecure.
So in default configuration our certificates weren't requested for ErizoController socket.io/1/

We had to change file ErizoController.js in part of enabling socket.io

 

i = require("https").createServer({
    key: require("fs").readFileSync(config.certificate.key).toString(),
    cert: require("fs").readFileSync(config.certificate.cert).toString(),
    passphrase: config.certificate.passphrase,
    ca: config.certificate.ca
}


was changed to 

i = require("https").createServer{
    key: fs.readFileSync(config.certificate.key2),
    cert: fs.readFileSync(config.certificate.cert2),                            
    requestCert: true
};    

config.certificate.key2,config.certificate.cert2 - is Full path to certificate and key like /home/xxx/Release-v2.0/...    

after that - mozilla understood the certificate.    

Tags (2)
0 Kudos
3 Replies
Highlighted
5 Views

Hi Artem,

Hi Artem,

Do your certification have any difference between key/pem and key2/pem2?

0 Kudos
Highlighted
New Contributor I
5 Views

No - it is the same

No - it is the same certificates. The only difference is key/cert   - has format like '../cert/cert.key' 

and key2/cert2 - has absolute way like '/var/cert/.../cert.key'

Work both with .key/.cert  formats and    key.pem/cert.pem

passphrase and ca - are empty for me - so i removed it from start script

0 Kudos
Highlighted
5 Views

Hi Artem,

Hi Artem,

We have tested the scenario you provided, and here is the result:

1. Create the cert.pem and key.pem with no passphrase
2. Set any value or null for config.certificate.passphrase in woogeen_config.js
3.set config.erizoController.ssl = true; in woogeen_config.js

the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673 can be accessed.

pass


1. Create the cert.pem and key.pem with no passphrase
2. Set any value or null for config.certificate.passphrase in woogeen_config.js
3.set config.erizoController.ssl = true; in woogeen_config.js      4.set the correct absolute path or relatively path for  config.certificate.cert and config.certificate.key

the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673 can be accessed.

pass

1. Create the cert.pem and key.pem with passphrase
2. Set right value or illegal for config.certificate.passphrase in woogeen_config.js
3.set config.erizoController.ssl = true; in woogeen_config.js

the remote resource at https://xxxxx:8080/socket.io/1/?t=1422131473673 can be accessed only the passphrase was correct.

pass

It seems to be OK and as expected...

Can you upload the certificate files you used whose passphrase and ca are empty?

 

0 Kudos