[Freeswitch-users] Secure Websocket

Michael Jerris mike at jerris.com
Thu May 15 23:45:56 MSD 2014


 <param name="tls-cert-dir" value="/path/to/certs"/>

On May 15, 2014, at 7:02 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:

> So, how do I specify which cert file to use for which profile?
> 
> Anthony's email mentions /usr/local/freeswitch/certs/wss.pem.  Is this path and name hardcoded or can I configure it per sofia profile somehow?
> 
> 
> On Thu, May 15, 2014 at 10:39 AM, Michael Jerris <mike at jerris.com> wrote:
> You can have a different profile on a different port for each cert.  Same thing with hosting multiple ssl websites on the same server.
> 
> On May 15, 2014, at 5:31 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
> 
>> Thank you Michael, I did not realize it - I should have researched it of course.
>> 
>> I believe pem files can only contain a single certificate.  Is there a way for me to allow calls to the same FS from pages loaded from multiple domains?
>> 
>> For example my test domain is different from my production domain with different certificates but I want to have FS instances to be able to take calls from both.
>> 
>> 
>> 
>> 
>> On Thu, May 15, 2014 at 10:17 AM, Michael Jerris <mike at jerris.com> wrote:
>> The https cert for what is in the address bar of the browser must match the cert of the wss websocket that is being created on that page.  This is part of the security model in the browser web socket implementations.
>> 
>> Mike
>> 
>> On May 15, 2014, at 4:56 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>> 
>>> Or (more likely) are you talking about the certificate for the URL that fronts the FS instances (like an SBC)?
>>> 
>>> 
>>> On Thu, May 15, 2014 at 9:46 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>> OK, last dumb question I promise :-)
>>> 
>>> You are talking about the certificate from the web site that hosts the page that opens a web socket to FreeSWITCH, right?  
>>> 
>>> So all my FS instances will need the same certificate?
>>> 
>>> What if I need to make calls from pages loaded from different sites?
>>> 
>>> I guess it was 3 dumb questions instead of one - sorry.
>>> 
>>> 
>>> On Thu, May 15, 2014 at 9:29 AM, Anthony Minessale <anthony.minessale at gmail.com> wrote:
>>> /usr/local/freeswitch/certs/wss.pem
>>> 
>>> You must replace the one that is auto-generated with the same one you use for your web server.
>>> 
>>> If you have a chain cert for your CA you also need to put that in ca-bundle.crt in the same location.
>>> 
>>> On Thu, May 15, 2014 at 11:24 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>> Actually, one more question - what vars do I use to configure the location of the certificate?  Is it similar to the tls-cert-dir?
>>> 
>>> On Thu, May 15, 2014 at 9:17 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>> Thanks Anthony!
>>> 
>>> On Thu, May 15, 2014 at 9:04 AM, Anthony Minessale <anthony.minessale at gmail.com> wrote:
>>> wss has been implemented since the beginning.  You need to use the same cert for the wss that you need for https://
>>> 
>>> On May 15, 2014 10:58 AM, "Oleg Stolyar" <olegstolyar at gmail.com> wrote:
>>> Hi guys,
>>> 
>>> In the latest Chrome a web socket connection from secure origin to an unsecure destination is deprecated.  Is there a way to make a secure web socket connection to FreeSWITCH?  I tried setting wss-binding var to a port value but it didn't work.
>>> 
>>> Is there a plan to implement wss?
>>> 
>>> Thank you
>>> Oleg
>> 
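
The per-profile setup described in this thread, written out as an added example (not configuration posted by anyone in the thread): two Sofia profiles, each with its own wss-binding port and its own tls-cert-dir. The profile names, port numbers and directory paths are placeholders, and each directory is assumed to hold that site's own wss.pem, plus ca-bundle.crt if the CA uses a chain cert.

```xml
<!-- Added example. Profile names, ports and paths are placeholders. -->

<!-- Profile for pages loaded over https from the production domain -->
<profile name="wss-prod">
  <settings>
    <!-- each profile needs its own SIP port as well as its own WSS port -->
    <param name="sip-port" value="5060"/>
    <param name="wss-binding" value=":7443"/>
    <!-- holds the production wss.pem (same cert as the production web server)
         and ca-bundle.crt if that CA has a chain cert -->
    <param name="tls-cert-dir" value="/path/to/certs/prod"/>
    <!-- remaining settings as in your existing profile -->
  </settings>
</profile>

<!-- Profile for pages loaded over https from the test domain -->
<profile name="wss-test">
  <settings>
    <param name="sip-port" value="5062"/>
    <param name="wss-binding" value=":7444"/>
    <!-- holds the test domain's wss.pem and, if needed, its ca-bundle.crt -->
    <param name="tls-cert-dir" value="/path/to/certs/test"/>
    <!-- remaining settings as in your existing profile -->
  </settings>
</profile>
```

Pages from each domain then open their wss:// connection to the port of the profile that carries that domain's certificate.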
