john-jones

Reputation: 7780

WebSocket TLS certificate setup fun

I'm trying to set up a WebSocket over TLS.

To that end I'm going by the directions on page 81 in the following book.

https://www.amazon.com/WebSocket-Client-Server-Communications-Andrew-Lombardi/dp/1449369278/ref=sr_1_1?keywords=websocket&qid=1581782142&sr=8-1

I set up the server code as they say in the book. All good there, but there is some problem with the certificates.

According to the book I am supposed to take four steps in setting up the certificates.

1. Generate a 2048 bit key.
openssl genrsa -des -passout pass:x -out server.pass.key 2048

2. Generate a passphrase free key.
openssl rsa -passin pass:x -in server.pass.key -out server.key

3. Generate csr from the private key.
openssl req -new -key server.key -out server.csr

4. Generate the certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

When I run step 1 I get the error

"UI_set_result:result too small .." 

For which the fix is here.

He basically says to run the following snippet instead of step 1.

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key

It looks like he is skipping the .pass part, for which step 2 is taken, so I am unsure whether I should take that step or not after the fix.

I run those four steps, then in server.js I have:

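// Imports the snippet relies on (assumed: WebSocketServer comes from the ws package)
var fs=require('fs');
var httpsServ=require('https');
var WebSocketServer=require('ws').Server;

var connection={
    ssl:true,
    port:port_number_here, // placeholder for the real port number
    ssl_key:'server.key',
    ssl_cert:'server.crt'
    };

//..
// Plain HTTPS handler; WebSocket upgrades are handled by wss below
var processRequest=function(req,res){
    res.writeHead(200);
    res.end("Hi!\n");
    //console.log('connecting');
    };

var app=null;
// HTTPS server using the key and certificate generated above
app = httpsServ.createServer({
    key: fs.readFileSync(connection.ssl_key),
    cert:fs.readFileSync(connection.ssl_cert)
    },processRequest).listen(connection.port);


// Attach the WebSocket server to the HTTPS server so clients connect via wss://
var wss = new WebSocketServer({server:app});

var clients=[];
var client_number=0;
wss.on('connection', function(cclient_socket){
    console.log('Established Connection with client.');
    });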

Then I start the server with:

node server.js

But when I run the client code via Firefox I get the error:

Firefox can’t establish a connection to the server at wss://somedomain:someportnumber/.

And in Chromium I get the error:

(index):9 WebSocket connection to 'wss://thedomain.org:theportnumber/'    
failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID

I am unsure how to proceed from here. I would guess I somehow didn't make the certificates correctly but the error doesn't give me much to work with.

Any help would be appreciated.

p.s. I tried implementing the following directions, to no avail.

https://stackoverflow.com/a/41366949/322537

Also, I have a suspicion the Chromium error "ERR_CERT_AUTHORITY_INVALID" is a key thing here. I googled it and found https://www.guildcafe.com/fix-net-err_cert_authority_invalid-error.html. It has to do with the certificate authority, which is just me. I'm still stranded though, for I don't know how to fix it.

Upvotes: 2

Views: 3308

Answers (2)

john-jones

Reputation: 7780

The solution was to not create the certificates as the book described but instead simply refer to the ssl certificates that had already been created for the given website.

Upvotes: 0

O. Jones

Reputation: 108651

It looks to me like you use a self-signed server certificate. You have to tell your client -- your Chromium instance -- to trust that key before it will use a websocket to connect to the server you are developing. You can sweet-talk your browser into accepting an incorrectly signed https webpage connection, but not a websocket connection.

In Chromium's case you actually need to tell your machine's OS (not the server machine, but rather the machine where you run Chromium). Please look up those instructions for your OS. You're looking up "trust self-signed certificate in Chrome on Ubuntu" or ".. on MacOS" or "...on Windows" or whatever.

Firefox has its own UI for that purpose. You can read about that too. It might be a quicker route to success for you.

Then there's Let's Encrypt, with which you can make a trusted certificate for free. For a tutorial, check this out. https://itnext.io/node-express-letsencrypt-generate-a-free-ssl-certificate-and-run-an-https-server-in-5-minutes-a730fbe528ca

Are we having fun yet? Are we? Are we?

Upvotes: 1
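The trust failure this answer describes can be reproduced offline with openssl. This is an added example, not part of the original answer: it creates two throwaway self-signed certificates and shows that one only verifies once it is itself in the verifier's trust bundle. The file names demo.key and demo.crt, the hostnames and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed names: demo.key, demo.crt, *.example.test.

# Create a throwaway self-signed certificate in directory $1 for host $2,
# equivalent in effect to the key/CSR/-signkey steps in the question.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

# A certificate is self-signed when its issuer is its own subject.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# Does certificate $1 chain to an anchor in trust bundle $2?
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Summarise what a client using trust bundle $2 would conclude about $1.
classify_cert() {
    if chains_to "$1" "$2"; then
        echo "trusted"
    elif is_self_signed "$1"; then
        echo "self-signed, not in trust store"
    else
        echo "issuer not in trust store"
    fi
}

demo() {
    work=$(mktemp -d) && mkdir "$work/server" "$work/other" || return 1
    make_self_signed "$work/server" dev.example.test || return 1
    make_self_signed "$work/other" unrelated.example.test || return 1
    # Client whose trust store lacks the server's certificate:
    classify_cert "$work/server/demo.crt" "$work/other/demo.crt"
    # Same client after importing the server's certificate as trusted:
    classify_cert "$work/server/demo.crt" "$work/server/demo.crt"
    rm -rf "$work"
}

demo
```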
