[Freeswitch-users] Secure Websocket

Oleg Stolyar olegstolyar at gmail.com
Fri May 23 19:57:23 MSD 2014


Hi Michael,

Sorry to keep bothering you with this but something just doesn't seem right
to me.  Here is the scenario:

I have a page loaded from https://somewebsite.com

Inside that page there is JavaScript that opens a secure web socket to
wss://fs1.mycompany.com which is a direct CNAME of one of my FS servers.

Are you saying that the wss.pem file on the FS server should have the
certificate for somewebsite.com?

If this is the case, I can't create a JS widget that people will host on
random secure sites that will all connect to my FreeSWITCH. This doesn't
seem right.




On Thu, May 15, 2014 at 10:17 AM, Michael Jerris <mike at jerris.com> wrote:

> The https cert for what is in the address bar of the browser must match
> the cert of the wss websocket that is being created on that page.  This is
> part of the security model in the browser web socket implementations.
>
> Mike
>
> On May 15, 2014, at 4:56 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>
> Or (more likely) are you talking about the certificate for the URL that
> fronts the FS instances (like an SBC)?
>
>
> On Thu, May 15, 2014 at 9:46 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>
>> OK, last dumb question I promise :-)
>>
>> You are talking about the certificate from the web site that hosts the
>> page that opens a web socket to FreeSWITCH, right?
>>
>> So all my FS instances will need the same certificate?
>>
>> What if I need to make calls from pages loaded from different sites?
>>
>> I guess it was 3 dumb questions instead of one - sorry.
>>
>>
>> On Thu, May 15, 2014 at 9:29 AM, Anthony Minessale <
>> anthony.minessale at gmail.com> wrote:
>>
>>> /usr/local/freeswitch/certs/wss.pem
>>>
>>> You must replace the one that is auto-generated with the same one you
>>> use for your web server.
>>>
>>> If you have a chain cert for your CA you also need to put that in
>>> ca-bundle.crt in the same location.
>>>
>>> On Thu, May 15, 2014 at 11:24 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>>
>>>> Actually, one more question - what vars do I use to configure the
>>>> location of the certificate?  Is it similar to the tls-cert-dir?
>>>>
>>>> On Thu, May 15, 2014 at 9:17 AM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>>>
>>>>> Thanks Anthony!
>>>>>
>>>>> On Thu, May 15, 2014 at 9:04 AM, Anthony Minessale <
>>>>> anthony.minessale at gmail.com> wrote:
>>>>>
>>>>>> wss has been implemented since the beginning.  You need to use the
>>>>>> same cert for the wss that you need for https://
>>>>>>
>>>>>> On May 15, 2014 10:58 AM, "Oleg Stolyar" <olegstolyar at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi guys,
>>>>>>>
>>>>>>> in the latest Chrome a web socket connection from secure origin to
>>>>>>> an unsecure destination is deprecated.  Is there a way to make a secure web
>>>>>>> socket connection to FreeSWITCH?  I tried setting wss-binding var to a port
>>>>>>> value but it didn't work.
>>>>>>>
>>>>>>> Is there a plan to implement wss?
>>>>>>>
>>>>>>> Thank you
>>>>>>> Oleg
>>>>>>>
>>>>>>
>
>
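
To see which hostnames the certificate in a file such as /usr/local/freeswitch/certs/wss.pem covers, and whether it is about to expire, the script below can be run against it. It is an added example, not part of the original thread or of FreeSWITCH; the function names are hypothetical, the sample certificate is constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on a certificate file such as wss.pem.
# All function names are hypothetical; requires OpenSSL 1.1.1 or later.

# Print the subject and subjectAltName entries of the first certificate in FILE.
cert_names() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName 2>/dev/null
}

# Succeed if the certificate in FILE is valid for HOST (SAN/CN and wildcard
# matching is done by OpenSSL itself via -checkhost).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeed if the certificate is still valid SECONDS from now (default 30 days).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1
}

# Constructed sample: write a 90-day self-signed certificate for HOST to FILE
# (private key goes to FILE.key) so the checks can be tried offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Run every check for FILE against HOST. Returns non-zero if any check fails.
check_wss_cert() {
    local file=$1 host=$2 rc=0
    openssl x509 -in "$file" -noout 2>/dev/null ||
        { echo "FAIL: no readable certificate in $file"; return 2; }
    cert_names "$file"
    if cert_covers_host "$file" "$host"; then
        echo "OK: certificate covers $host"
    else
        echo "FAIL: certificate does not cover $host"; rc=1
    fi
    if cert_not_expiring "$file"; then
        echo "OK: valid for at least 30 more days"
    else
        echo "FAIL: expires within 30 days"; rc=1
    fi
    return "$rc"
}

# Usage: ./check_wss_cert.sh /usr/local/freeswitch/certs/wss.pem fs1.mycompany.com
if [ "$#" -ge 2 ]; then check_wss_cert "$1" "$2"; fi
```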