[Freeswitch-users] Secure Websocket

Oleg Stolyar olegstolyar at gmail.com
Thu May 15 23:02:57 MSD 2014


So, how do I specify which cert file to use for which profile?

Anthony's email mentions /usr/local/freeswitch/certs/wss.pem.  Is this path
and name hardcoded or can I configure it per sofia profile somehow?


On Thu, May 15, 2014 at 10:39 AM, Michael Jerris <mike at jerris.com> wrote:

> You can have a different profile on a different port for each cert.  Same
> thing with hosting multiple ssl websites on the same server.
>
> On May 15, 2014, at 5:31 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>
> Thank you Michael, I did not realize it - I should have researched it of
> course.
>
> I believe pem files can only contain a single certificate.  Is there a way
> for me to allow calls to the same FS from pages loaded from multiple
> domains?
>
> For example my test domain is different from my production domain with
> different certificates but I want to have FS instances to be able to take
> calls from both.
>
>
>
>
> On Thu, May 15, 2014 at 10:17 AM, Michael Jerris <mike at jerris.com> wrote:
>
>> The https cert for what is in the address bar of the browser must match
>> the cert of the wss websocket that is being created on that page.  This is
>> part of the security model in the browser web socket implementations.
>>
>> Mike
>>
>> On May 15, 2014, at 4:56 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>
>> Or (more likely) are you talking about the certificate for the URL that
>> fronts the FS instances (like an SBC)?
>>
>>
>> On Thu, May 15, 2014 at 9:46 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>
>>> OK, last dumb question I promise :-)
>>>
>>> You are talking about the certificate from the web site that hosts the
>>> page that opens a web socket to FreeSWITCH, right?
>>>
>>> So all my FS instances will need the same certificate?
>>>
>>> What if I need to make calls from pages loaded from different sites?
>>>
>>> I guess it was 3 dumb questions instead of one - sorry.
>>>
>>>
>>> On Thu, May 15, 2014 at 9:29 AM, Anthony Minessale <
>>> anthony.minessale at gmail.com> wrote:
>>>
>>>> /usr/local/freeswitch/certs/wss.pem
>>>>
>>>> You must replace the one that is auto-generated with the same one you
>>>> use for your web server.
>>>>
>>>> If you have a chain cert for your CA you also need to put that in
>>>> ca-bundle.crt in the same location.
>>>>
>>>> On Thu, May 15, 2014 at 11:24 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>>>
>>>>> Actually, one more question - what vars do I use to configure the
>>>>> location of the certificate?  Is it similar to the tls-cert-dir?
>>>>>
>>>>> On Thu, May 15, 2014 at 9:17 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>>>>
>>>>>> Thanks Anthony!
>>>>>>
>>>>>> On Thu, May 15, 2014 at 9:04 AM, Anthony Minessale <
>>>>>> anthony.minessale at gmail.com> wrote:
>>>>>>
>>>>>>> wss has been implemented since the beginning.  You need to use the
>>>>>>> same cert for the wss that you need for https://
>>>>>>>
>>>>>>> On May 15, 2014 10:58 AM, "Oleg Stolyar" <olegstolyar at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi guys,
>>>>>>>>
>>>>>>>> in the latest Chrome a web socket connection from secure origin to
>>>>>>>> an unsecure destination is deprecated.  Is there a way to make a secure web
>>>>>>>> socket connection to FreeSWITCH?  I tried setting wss-binding var to a port
>>>>>>>> value but it didn't work.
>>>>>>>>
>>>>>>>> Is there a plan to implement wss?
>>>>>>>>
>>>>>>>> Thank you
>>>>>>>> Oleg
>>>>>>>>
>>>>>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
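
The advice quoted in this thread (replace the auto-generated wss.pem with the web server's certificate, and put the CA chain cert in ca-bundle.crt) can be checked offline by comparing certificate fingerprints. This is an added example, not part of the thread and not FreeSWITCH code; it assumes the web server's certificate file lists its own certificate first and any chain certs after it, and the PEM blocks below are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re
import ssl

# Matches every PEM block, whatever its type, in file order.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 over the DER bytes of each CERTIFICATE block, in file order.
    Same value that `openssl x509 -noout -fingerprint -sha256` reports."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for label, body in PEM_BLOCK.findall(pem_text)
            if label == "CERTIFICATE"]  # key blocks are skipped, never decoded

def check_wss_cert(wss_pem, web_cert_pem, ca_bundle_pem=""):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    wss, web = cert_fingerprints(wss_pem), cert_fingerprints(web_cert_pem)
    if not web:
        findings.append("web server file holds no certificate")
    if not wss:
        findings.append("wss.pem holds no certificate")
    elif web and wss[0] != web[0]:
        findings.append("wss.pem differs from the web server certificate")
    # Assumption: certs after the first in the web server file are its chain;
    # each of them should also be present in ca-bundle.crt.
    bundle = set(cert_fingerprints(ca_bundle_pem))
    missing = [fp for fp in web[1:] if fp not in bundle]
    if missing:
        findings.append("%d chain cert(s) missing from ca-bundle.crt" % len(missing))
    return findings

def _fake(name):
    # Constructed placeholder bytes wrapped as PEM, not a real X.509 certificate.
    return ssl.DER_cert_to_PEM_cert(("constructed-" + name).encode())

LEAF, CHAIN, AUTOGEN = _fake("site-leaf"), _fake("ca-chain"), _fake("autogenerated")
WEB_FULLCHAIN = LEAF + CHAIN
# Constructed key block, present only to show that non-certificate blocks are ignored.
KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_wss_cert(AUTOGEN, WEB_FULLCHAIN))            # default cert still in place
    print(check_wss_cert(KEY + LEAF, WEB_FULLCHAIN, CHAIN))  # replaced as advised
```

To use it on a real install, read the three files from disk and pass their contents as strings.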