eclipse-paho / paho.mqtt.javascript


WebSocket fail - ERR_CERT_AUTHORITY_INVALID #195

Open ismaelit opened 5 years ago

ismaelit commented 5 years ago

Hello @ALL

I am configuring my web app for connecting to an MQTT broker using SSL/TLS. Before, I was using only a plain password, but now that my app is on an https-active server, I need to put my WebSocket MQTT on SSL too.

I have created all the keys and certs; I am not using username/password anymore.

Tested with the Python Paho client, using the ca.key file, and it connects fine over the websocket of my broker (connecting from a Raspberry Pi machine running Raspbian).

Now on my macOS, using Chrome and Firefox, I get the same error:

WebSocket connection to 'wss://my-broker-machine-hostname-here:4802/mqtt' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID

(changed my host to 'my-broker-machine-hostname-here' only for explanation purposes)

I have installed the ca.key file in my macOS keychain, but this appears to have no effect.

Apparently the problem is not in the broker, because I can successfully connect remotely using the Python Paho client.

What could I be doing wrong?

ismaelit commented 5 years ago

Update: now I have all authorizations in my key file in the macOS keychain. The error now is failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID, but my hostname is the same as my COMMON NAME when I created the cert files... And my Python Paho client is still connecting normally with this key.

woodz- commented 4 years ago

Same issue for me on Ubuntu 16.04 with Chromium 81.0.4044.138. Have you found a solution already? Tried the same thing in Firefox 77.0.1 (64-bit) and it works there.

tranviet191999 commented 3 years ago

Is there any solution to fix this?

Bach-Nguyen-Dinh commented 3 years ago

Do you use a self-signed cert? In that case, did you check that the COMMON NAME of the CA cert is the same as the server cert's?

woodz- commented 3 years ago

Since only Chrome-based browsers hit the trouble, one could try a connection with a server certificate including a SAN (Subject Alternative Name).

One day they introduced the requirement of checking the SAN. Here is an article (heavily marketing-loaded, unfortunately) about the version and when this happened.

Here is a reference on how to deal with those types of certs.

It definitely works with self-signed certs, since I had the trouble of working through all the heaps.

I didn't get it to work from within Android-based Chrome. This is due to the fact that user-defined certs imported to the phone are not acting on stock applications. You need to have your own-coded browser or root the phone.

But it really works well on iPhones, since they allow user-defined certs in their applications.

It also works on Raspis via the system's default cert import, independent of the browser application vendor/type.
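An added example (not from this thread or the Paho project) of what woodz- describes: an openssl script that issues a broker certificate with a SAN entry for the hostname and then verifies it the way a browser does, matching the hostname against the SAN rather than the CN. The hostname is the placeholder from the issue; the file names (ca.crt, server.crt, san.ext) and the output directory are assumptions.

```shell
#!/bin/sh
# Added example: private CA + broker cert with SAN, verified browser-style.
# Assumes openssl is on PATH; hostname is the placeholder used in the issue.
set -e

# Create a self-signed CA and a broker cert signed by it. The CA cert
# (ca.crt) is what gets imported into the OS/browser trust store.
make_broker_cert() {
  host="$1"
  dir="$2"
  mkdir -p "$dir"
  # 1. Private CA (self-signed).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example MQTT CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Broker key and CSR. A CN alone is not enough for Chrome; the SAN is required.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # 3. Extension file: the SAN carries the hostname the browser will connect to.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

# Returns 0 when server.crt chains to ca.crt AND the host matches its SAN,
# which is the check a browser performs (CN is ignored by Chrome).
verify_broker_cert() {
  host="$1"
  dir="$2"
  openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$host" "$dir/server.crt" >/dev/null 2>&1
}

# Prints the SAN entry of a cert, e.g. "DNS:my-broker-machine-hostname-here".
san_of() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Demo with the placeholder hostname from the issue, in a temporary directory.
DEMO_DIR=$(mktemp -d)
make_broker_cert my-broker-machine-hostname-here "$DEMO_DIR"
san_of "$DEMO_DIR/server.crt"
verify_broker_cert my-broker-machine-hostname-here "$DEMO_DIR" && echo "hostname matches SAN: browser check passes"
```

A cert with only a CN fails `-verify_hostname` the same way Chrome fails it, so this check reproduces ERR_CERT_COMMON_NAME_INVALID offline before the broker is touched.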