Closed ascii78 closed 13 years ago
mightypenguin
commented
13 years ago I'm suspicious of your key generation. Did you follow this? http://www.openssl.org/docs/HOWTO/certificates.txt
The commands seem different than what you did but I could be wrong. openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
ascii78
commented
13 years ago Thanks,
tried:
openssl genrsa -out server.key openssl req -new -x509 -key server.key -out server.crt -days 1095
the CN being the server the wss uri is pointing to, not the the server.domain.org in the wsproxy command
Doesn't seem to work in firefox 7 (mac). However, it does work in the latest chrome (mac). firefox 7 (windows) also generates the same error.
My initial thought was that firefox wouldn't show me a ssl accept dialog for the wss cert, but after using it as a key on a https site it was imported, also no luck. Not sure if I should be looking server side or client side now though.
ascii78
commented
13 years ago also on firefox 3.x (mac) this seems to work...
Hi,
After creating a self signed certificiate with:
openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
and using the demo:
vnc_auto.html with encrypt=1
I get the unknown ca error (not warning), the connection in the browser drops, encrypt=0 does work though. Do I need a CA signed certificate for this to work ?
/opt/novnc/utils/wsproxy.py --ssl-only --cert /opt/novnc/self.pem 6080 server.domain.org:5911
WARNING: no 'numpy' module, HyBi protocol decode may be slower WebSocket server settings:
proxying from :6080 to server.domain.org:5911
1: handler exception: [Errno 1] _ssl.c:499: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca