vi / websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
MIT License

SSL Dev example not working #122

Closed dakman closed 3 years ago

dakman commented 3 years ago

Amazon Linux 2

Tried both with pre-packaged pkcs and a newly generated one .. no cigar.. tried both examples including the "workaround" using socat and websocat.

Any ideas?

vi commented 3 years ago

What are you trying to use as a client? Another Websocat instance or browser?

Do you specify -k option or accept invalid certificate in browser?

dakman commented 3 years ago

tried websocat as client and browser ( Simple Web Socket client tester chrome extension ) same results... with websocat serving with SSL that I built from source...

tried -k no cigar either.. see ss below.. thanks for checking into this so fast! right now I'm using ws:// but it's a PITA because I can't use clients trying to connect that are using https:// (mixed content violation)...

image

any chance we can make it simpler to specify .key and .pem file without this pkcs stuff like what websocketd does?? e.g. --sslcert=/path/to/cert.pem --sslkey=/path/to/key.pem

dakman commented 3 years ago

also want to note the error message changed... asn1 error?? so strange .. I get different errors if I use the test pkcs in the repo or my own openssl key/cert generated combo

vi commented 3 years ago

> Tried -k no cigar either.. see ss below

You need -k on client side (right part of the screenshot), not on the server side.

> https:// (mixed content violation)

So you also want to connect from a browser.

Prior to connecting to insecure-wss Websocket endpoint from browser, you can try opening a tab like https://127.0.0.1:8081/. The browser should first show "Insecure connection" screen. After you accept the exception, it would proceed to something like "Only WebSocket connections are welcome here" page from Websocat. But that action should also enable Websocket connections to wss://127.0.0.1:8081/ until you restart the browser.

vi commented 3 years ago

Obviously, if you have a proper, trusted TLS certificate (i.e. from Let's Encrypt), you should be able to specify it to Websocat and just connect immediately.

If you are using a self-signed certificate, some hackery is required on client side by design.

dakman commented 3 years ago

Oh I do have a trusted TLS.. so are you saying if I generate a PKCS file for the cert and key from my LE issued cert it should work?

I'll try this now. Thanks!

dakman commented 3 years ago

that fixed it! for browser WSS connections at least ..

using the cli apparently it's not fetching the issuer certificate ?? but when I use -k it lets me connect

Thanks for making such a great tool!
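
Added example (not part of the thread and not Websocat's own code): the step that resolved this issue, packing a CA-issued certificate and key into the PKCS#12 file Websocat expects, plus a check that the bundle also carries the issuer certificate. A leaf-only bundle is one common reason a command-line client rejects a server that browsers accept. The helper names, the `P12_PASS` variable and the certbot-style file names are assumptions.

```sh
#!/bin/sh
# Added example: build the PKCS#12 file for Websocat from PEM files and
# check that it also carries the issuer (intermediate) certificate.
# Assumptions: helper names, the P12_PASS variable, certbot-style inputs.

# make_p12 KEY CHAIN OUT
# CHAIN holds the leaf certificate plus its issuer(s), e.g. certbot's
# fullchain.pem; every certificate in it is copied into the bundle.
make_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -passout env:P12_PASS
}

# count_p12_certs P12 -> prints how many certificates the bundle holds
# (prints 0 if the file cannot be read or the password is wrong).
count_p12_certs() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null \
        | grep -c -e '-----BEGIN CERTIFICATE-----'
}

# check_p12_chain P12 -> returns 0 only if the bundle holds the leaf
# plus at least one more certificate.
check_p12_chain() {
    p12_count=$(count_p12_certs "$1") || true
    if [ "${p12_count:-0}" -lt 2 ]; then
        echo "WARN: $1 holds ${p12_count:-0} certificate(s);" \
             "clients that do not fetch issuers cannot build the chain" >&2
        return 1
    fi
    echo "OK: $1 holds $p12_count certificates"
}

# Usage: P12_PASS=... sh mkp12.sh privkey.pem fullchain.pem out.p12
# then:  websocat --pkcs12-der=out.p12 --pkcs12-passwd="$P12_PASS" \
#            wss-listen:127.0.0.1:8081 mirror:
if [ "$#" -eq 3 ]; then
    make_p12 "$1" "$2" "$3" && check_p12_chain "$3"
fi
```

If the check warns, rebuild the bundle from the file that contains the whole chain rather than the leaf certificate alone; `-k` on the client only hides the problem by disabling verification.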