[Freeswitch-users] wss with letsencrypt certs / WebSocket opening handshake was canceled

Ítalo Rossi italo at freeswitch.org
Thu May 5 21:40:07 MSD 2016 

Make sure you have:

/usr/local/freeswitch/certs/wss.pem # CERT, KEY AND CHAIN files separated
by \n
/usr/local/freeswitch/certs/agent.pem # CERT file AND key file separated by
\n
/usr/local/freeswitch/certs/cafile.pem # CHAIN file or root CA

On Thu, May 5, 2016 at 12:19 PM, Oivvio Polite <mylists at polite.se> wrote:

> I had wss working with self signed certs and I'm now trying to move to
> certs from Letsencrypt.
>
> I have something working. Connecting to https://myip:port/ I get the
> green padlock in chrome, but on close inspection Chrome tells me:
>
>     Your connection to  https://myip:port/ is encrypted using an obsolete
>     cipher suite.
>
>     The connection uses TLS 1.2
>
>     The connection is encrypted and authenticated using AES_128_GCM
>     and uses RSA as the key exchange mechanism"
>
> Screenshot here: http://imgur.com/tERQUXw
>
>
> When trying to establish a secure websocket with the verto library I get
>
>     jquery.jsonrpcclient.js:285 WebSocket connection to
> 'wss://xxx.xxx.xxx.xxx:xxx' failed: WebSocket opening handshake was canceled
>
>
>
> When inspecting https://webrtc.freeswitch.org:8082/ with Chrome I get
> the same complaint as with my Letsencrypt certs but verto still works
> over there. So there's something else that I'm doing wrong.
>
>
> In the FS CLI i get this
>
>     2016-05-05 15:15:29.875866 [INFO] mod_verto.c:3997 myip:57884 Client
> Connect.
>     2016-05-05 15:15:29.895849 [INFO] mod_verto.c:1973 myip:57884 Starting
> client thread.
>     2016-05-05 15:15:29.975863 [DEBUG] mod_verto.c:1820 myip:57884 WS
> SETUP FAILED []
>
> Any ideas on what else to try?
>
> Oivvio
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Ítalo Rossi
italo at freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160505/90d48938/attachment.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list