eclipse / paho.mqtt.javascript


failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID #220

Closed medilies closed 4 years ago

medilies commented 4 years ago

I'm getting this error message:

      paho-mqtt-min.js:37 WebSocket connection to 'wss://192.168.1.2:8081/mqtt' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID


I'm on Windows 10 using Mosquitto 1.6.9 with this config:

      port 1884

      listener 8883
      protocol mqtt
      cafile C:\mosquitto\darlink\certs\ca.crt
      keyfile C:\mosquitto\darlink\certs\server.key
      certfile C:\mosquitto\darlink\certs\server.crt
      tls_version tlsv1.2

      listener 8080
      protocol websockets

      listener 8081
      protocol websockets
      cafile C:\mosquitto\darlink\certs\ca.crt
      keyfile C:\mosquitto\darlink\certs\server.key
      certfile C:\mosquitto\darlink\certs\server.crt

All ports are tested with many clients, and here is MQTTBox connecting to wss://192.168.1.2:8081

image

client script

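      // Connect to the Mosquitto WebSocket listener on 8081; the client ID is "pahos".
      const client = new Paho.MQTT.Client("192.168.1.2", Number(8081), "pahos");

      client.onConnectionLost = onConnectionLost;
      client.onMessageArrived = onMessageArrived;

      // useSSL: true makes Paho open wss:// instead of ws://, so the browser
      // validates the broker certificate before any MQTT traffic is sent.
      client.connect({ onSuccess: onConnect, useSSL: true });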

      function onConnect() {
        client.subscribe("foo");
      }

      function onConnectionLost(responseObject) {
        if (responseObject.errorCode !== 0) {
          console.log("onConnectionLost:" + responseObject.errorMessage);
        }
      }

      function onMessageArrived(message) {
        console.log("onMessageArrived:" + message.payloadString);
      }

woodz- commented 4 years ago

> all ports are tested with many clients

Have you got any statistic (variety plus test status) of your many clients being tested?

I had encountered this in the Chromium and Firefox browsers. The solution to this was to provide the CA certificate to the browsers via their subsequent import functionality.

On Firefox it succeeded, but on Chromium I am stuck on: failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID

medilies commented 4 years ago

hey @woodz- by saying many clients I didn't mean anything sophisticated :p

I just tried to connect to all 4 ports with:

And observed if the connection was successful or not


Thanks to your comment

> The solution to this was to provide the CA-certificate to the browsers via their subsequent import functionality

I imported my CA into Chrome and the Paho script connected successfully via WSS.

But I find forcing all clients to import my CA into their browsers manually before connecting isn't scalable.

So the only way to scale is to use a trusted CA
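
The two browser errors in this thread correspond to two separate certificate checks: ERR_CERT_AUTHORITY_INVALID means the chain does not end at a CA the client trusts, and ERR_CERT_COMMON_NAME_INVALID means no subjectAltName entry matches the address in the URL. The following is an added example, not part of the thread or of the Paho or Mosquitto projects: it uses the OpenSSL CLI to issue a private-CA broker certificate with a chosen subjectAltName and to run both checks against the IP the client connects to. The subject names, the 30-day lifetime and the file names are assumptions, and the keys are throwaway test keys.

```shell
#!/bin/sh
# Added example. Names, lifetimes and paths are assumptions; keys are throwaway.

# issue_cert DIR SAN: create DIR/ca.crt plus DIR/server.key and DIR/server.crt,
# where server.crt carries the given subjectAltName (e.g. "IP:192.168.1.2").
issue_cert() {
  d=$1
  cat > "$d/demo.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = $2
EOF
  # Self-signed CA, then a server key + CSR, then the CA signs the CSR and
  # attaches the v3_server extensions (including the SAN) from demo.cnf.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/demo.cnf" \
    -extensions v3_ca -subj "/CN=Demo Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=mqtt-broker" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/demo.cnf" -extensions v3_server \
    -out "$d/server.crt" 2>/dev/null
}

# check_cert CAFILE CERT IP: succeed only if CERT chains to CAFILE (the trust
# check behind ERR_CERT_AUTHORITY_INVALID) and has an IP SAN equal to IP (the
# name check behind ERR_CERT_COMMON_NAME_INVALID).
check_cert() {
  openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Example: d=$(mktemp -d); issue_cert "$d" "IP:192.168.1.2"
#          check_cert "$d/ca.crt" "$d/server.crt" 192.168.1.2 && echo ok
```

The 8081 listener's certfile and keyfile would point at the issued server.crt and server.key; clients still have to trust ca.crt, which is the scaling limit raised in the last comment.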