<div dir="ltr">Hi Michael,<div><br></div><div>sorry to keep bothering you with this but something just doesn't seem right to me. Here is the scenario:</div><div><br></div><div>I have a page loaded from <a href="https://somewebsite.com">https://somewebsite.com</a></div>
<div><br></div><div>Inside that page there is javascript that open a secure web socket to wss://<a href="http://fs1.mycompany.com">fs1.mycompany.com</a> which is a direct cname of one of my FS servers.</div><div><br></div>
<div>Are you saying that the wss.pem file on the FS server should have the certificate for <a href="http://somewebsite.com">somewebsite.com</a>?</div><div><br></div><div>If this is the case, I can't create a JS widget that people will host on random secure sites that will all connect to my FreeSWITCH. This doesn't seem right.</div>
<div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 15, 2014 at 10:17 AM, Michael Jerris <span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">The https cert for what is in the address bar of the browser must match the cert of the wss websocket. that is being created on that page. This is part of the security model in the browser web socket implementations.<div>
<br></div><div>Mike</div><div class=""><div><br><div><div>On May 15, 2014, at 4:56 PM, Oleg Stolyar <<a href="mailto:olegstolyar@gmail.com" target="_blank">olegstolyar@gmail.com</a>> wrote:</div><br><blockquote type="cite">
<div dir="ltr">Or (more likely) are you talking about the certificate for the URL that fronts the FS instances (like an SBC)?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 15, 2014 at 9:46 AM, Oleg Stolyar <span dir="ltr"><<a href="mailto:olegstolyar@gmail.com" target="_blank">olegstolyar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">OK, last dumb question I promise :-)<div><br></div><div>You are talking about the certificate from the web site that hosts the page that opens a web socket to FreeSWITCH, right? </div>
<div><br></div><div>So all my FS instances will need the same certificate?</div>
<div><br></div><div>What if I need to make calls from pages loaded from different sites?</div><div><br></div><div>I guess it was 3 dumb questions instead of one - sorry.</div></div><div><div><div class="gmail_extra">
<br><br><div class="gmail_quote">
On Thu, May 15, 2014 at 9:29 AM, Anthony Minessale <span dir="ltr"><<a href="mailto:anthony.minessale@gmail.com" target="_blank">anthony.minessale@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><p>/usr/local/freeswitch/certs/wss.pem</p><p>You must replace the one that is auto-generated with the same one you use for your web server.</p><p>If you have a chain cert for your CA you also need to put that in ca-bundle.crt in the same location.</p>
</div><div class="gmail_extra"><div><div class="gmail_quote">On Thu, May 15, 2014 at 11:24 AM, Oleg Stolyar <span dir="ltr"><<a href="mailto:olegstolyar@gmail.com" target="_blank">olegstolyar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Actually, one more question - what vars do I use to configure the location of the certificate? Is it similar to the tls-cert-dir?<div>
<br></div></div><div><div class="gmail_extra"><div class="gmail_quote">
On Thu, May 15, 2014 at 9:17 AM, Oleg Stolyar <span dir="ltr"><<a href="mailto:olegstolyar@gmail.com" target="_blank">olegstolyar@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">Thanks Anthony!</div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 15, 2014 at 9:04 AM, Anthony Minessale <span dir="ltr"><<a href="mailto:anthony.minessale@gmail.com" target="_blank">anthony.minessale@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><p dir="ltr">wss has been implemented since the beginning. You need to use the same cert for the wss that you need for https://</p>
<div class="gmail_quote"><div><div>On May 15, 2014 10:58 AM, "Oleg Stolyar" <<a href="mailto:olegstolyar@gmail.com" target="_blank">olegstolyar@gmail.com</a>> wrote:<br type="attribution"></div>
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>
<div dir="ltr">Hi guys,<div><br></div><div>in the latest Chrome a web socket connection from secure origin to an unsecure destination is deprecated. Is there a way to make a secure web socket connection to FreeSWITCH? I tried setting wss-binding var to a port value but it didn't work.</div>
<div><br></div><div>Is there a plan to implement wss?</div><div><br></div><div>Thank you</div><div>Oleg</div></div>
</div></blockquote></div></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div><br></div></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>