RutgersGRID / hubs

Duck-themed multi-user virtual spaces in WebVR. Built with A-Frame.
https://hubs.mozilla.com
Mozilla Public License 2.0

Attempt to connect Hubs client and local Reticulum is failing because of invalid SSL certificates. #41

Open yalegria opened 2 years ago

yalegria commented 2 years ago

We tried to hit the Hubs client within the VM using wget or curl but we got SSL certificate errors. This should be our first attempt to figure out the connection issue when we tried to access the client externally.

Voxelghiest commented 2 years ago

Following this tutorial, I created a pair of certificates through the Phoenix command mix phx.gen.cert (command documentation here).

After distributing the certificate to each of the relevant components of Hubs, however, I ran into a different certification issue:

[Image: Screen Shot 2022-08-26 at 8 44 34 AM]

After some research, it seems that this "Common Name Invalid" error is because the self-signed certificate only lists "localhost" as a valid common access name, not "192.168.56.3", which is the IP address of the server VM from my host computer. I might need to consider making another certificate manually somehow.

Voxelghiest commented 2 years ago

After looking into the openssl command, I think I've found the right settings to generate the self-signed certificate I need:

openssl req -x509 -nodes -new -sha512 -days 365 -newkey rsa:4096 -keyout key.pem -out cert.pem -subj "/C=US/CN=192.168.56.3"

The important part is that last argument, the "subject" parameter. "CN" denotes the common name for the server, which is how it will be recognized by the browser. By setting it to the IP address of the server, I should avoid the "Common Name Invalid" error from before.

Voxelghiest commented 2 years ago

It didn't work. I got the exact same error as before, about the common name being invalid. I was sure to also trust the certificate I made from my host laptop using the MacBook keychain. I'm unsure what common name my browser wants to see for it to load the page. Is it "hubs.local"? Something else?

I'm investigating further into what exactly a common name is to see if I can puzzle it out.

Voxelghiest commented 2 years ago

Success! Sort of. So I changed the command to create the certificates to use "hubs.local" as the common name instead:

openssl req -verify -x509 -new -sha512 -days 365 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -subj "/C=US/CN=hubs.local"

When I distributed the new certificate to the Hubs components and trusted it on my host laptop, I accessed the site by going to https://hubs.local:4000/?skipadmin, and Chrome threw an error:

[Image: Screen Shot 2022-08-29 at 11 24 53 AM]

Normally, this would mean that the page wouldn't load, even once I forced Chrome to try loading it anyways. But this time, it worked!

[Image: Screen Shot 2022-08-29 at 11 30 05 AM]

Even though there's still some sort of problem with the certificates, I'll leave solving that problem for another time. For now, I wish to mess around with the site and see how it works.

Voxelghiest commented 2 years ago

As a final note, I used this manual to help me figure out the openssl command. This is merely for future reference, because tracking down the right manual page was annoying.
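
Added example, not part of the thread or the project's code: current browsers, Chrome included, match the requested host only against the certificate's subjectAltName extension and ignore the CN, so this script generates the thread's CN-only certificate beside one that lists hubs.local and 192.168.56.3 as SAN entries and prints what each contains. The function names are illustrative, OpenSSL 1.1.1 or later is assumed for -addext and -ext, and rsa:2048 replaces the thread's rsa:4096 only to keep the run short.

```shell
#!/bin/sh
# Added example (not from the thread). make_cert, san_list and has_san are
# illustrative names. Assumes OpenSSL 1.1.1+ for `req -addext` and `x509 -ext`.

# make_cert OUT_DIR CN [SAN]
# Writes OUT_DIR/key.pem and OUT_DIR/cert.pem. SAN is optional so the CN-only
# form used in the thread can be compared with the SAN form.
make_cert() {
    dir=$1 cn=$2 san=${3:-}
    mkdir -p "$dir"
    set -- req -x509 -new -nodes -sha512 -days 365 -newkey rsa:2048 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" -subj "/C=US/CN=$cn"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=$san"
    fi
    openssl "$@" 2>/dev/null
}

# san_list CERT
# Prints the certificate's subjectAltName entries, one per line.
# Prints nothing when the certificate has no SAN extension.
san_list() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        grep -E '^ *(DNS|IP Address):' | tr ',' '\n' | sed 's/^ *//'
}

# has_san CERT ENTRY
# Exit status 0 if ENTRY (for example "DNS:hubs.local") is listed in CERT.
has_san() {
    san_list "$1" | grep -qxF "$2"
}

work=$(mktemp -d)

# CN-only, as in the thread: no SAN, so the browser has nothing to match.
make_cert "$work/cn_only" hubs.local

# Same subject, plus SAN entries for the hostname and the VM address, so the
# site validates whether it is opened by name or by IP.
make_cert "$work/with_san" hubs.local "DNS:hubs.local,IP:192.168.56.3"

for c in cn_only with_san; do
    printf '%s: %s\n' "$c" "$(san_list "$work/$c/cert.pem" | tr '\n' ' ')"
done
```

The certificate still has to be distributed to the Hubs components and trusted on the host, as described in the thread; the SAN entries only address the name-matching part of validation.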