Closed hantagu closed 1 month ago
Hello,
The option is working, I just checked. Most likely, the issue is that you are using the IP address to connect to your server. Your certificate must be valid only for some specific domain names, and does not contain the IP address in its SAN.
Either use the domain name to contact your server or use the --tls-sni-override to specify your domain during the TLS handshake.
The problem has been solved. File /opt/stunnel/public.pem contained only the server certificate, without intermediate CA certificate.
It helped to replace it with ca_bundle.crt, which contains the server certificate and the issuer Sub-CA certificate.
A wstunnel server was started with the --tls-certificate and --tls-private-key options with the command below:
Files /opt/wstunnel/public.pem and /opt/wstunnel/private.pem contain a valid TLS certificate and private key respectively.
The certificate was issued by ZeroSSL to a static IP address of my VDS (the address is contained in the Common Name and Subject Alt Names of the certificate).
The wstunnel server runs successfully with these logs:
After this a wstunnel client was started on another machine (my laptop) with this command:
Logs:
After this, http://127.0.0.1:8080/ is not accessible in the browser (Firefox), with these logs on the client side:
and these logs on the server side:
When I open https://[server IP]/ (wstunnel's server "Invalid upgrade request" page) in the browser it says that