I have been having problems with getting my websocket secure (wss://) connection to work.
I recently had to switch servers and got a new SSL certificate, on my previous server wss:// connection use to work fine. On new server I generated a new keystore using instruction provided by the CA, I gave the keystore the same name and password as it had on previous server as well I placed the keystore in the same directory which the code refers to. I did all that so I don't have to change the code.
I am using the exact same .JAR file from previous server, now every time I run my application i get following error message in the console
WebSocket connection to 'wss://example.com:8080/' failed: Error in
connection establishment: net::ERR_CONNECTION_REFUSED
Websockets work fine when I turn off SSL and run it on the same port, I also made sure keystore was created properly and it was. I can't figure out what may the problem be, I would really appreciate help and guidance.
This sounds like a network issue rather than a jetty/SSL issue. Is port 8080 open? Try to run the command "telnet hostname 8080". If you get a connection refused error then the port is not open.
Related
I am writing an HTTPS proxy in play framework, yet every time I try to run it on a website that has ssl encryption I am getting this error in my server:
akka.actor.ActorSystemImpl(play-dev-mode) Illegal request, responding with status '400 Bad Request': CONNECT requests are not suppo
rted: Rejecting CONNECT request to '//any.website:443'
The proxy works well on HTTP, yet HTTPS is the problem. I tried changing my application.conf to have a port destined to work on HTTPS, but when I try to run it with the keystore i setup using the keytool command I am getting the following error in my browser:
Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Any workaround to allow HTTPS on a play framework proxy server?
I need some help with doing netty socket io over https. I have got it to in my local env but not on a server with secure domain. The server starts but client isn't able to connect. Tried by starting the socket server with IP as well as domain name. For the server to start with domain name as hostname value in setHostname method, I added an entry in /etc/hosts file as following
127.0.0.1 localhost example.com
Socket server started by giving example.com as hostname but client isn't able to connect using the same hostname over https as following
var socket = io.connect('https://example.com:10443')
Tried with options - { secure: true, reconnect: true, rejectUnauthorized : false } too but the same issue.
On server side my configuration is as following
Configuration configuration = new Configuration();
configuration.setHostname("example.com");
configuration.setPort(10443);
configuration.setKeyStorePassword("mypassword");
InputStream stream = getClass().getClassLoader().getResourceAsStream("keystore.jks");
configuration.setKeyStore(stream);
The jsk file was created using keytool command for the same domain (example.com)
Is there something more to be done for the port - 10443 to be used by the socket server? Or is there any other configuration to be done?
Got the solution! I had not mentioned that the domain was set up on cloudflare. Here the issue was with the port I used - 10443. It's not supported by cloudflare. Changed it to 8443 and it worked!
For those who come across this, please find here the list of supported ports that Cloudflare work with. May save much of your time unlike me.
Also, please note that I used my public IP as hostname in setHostname() method so that I don't need anything added in my hosts file. Then gave the actual domain name with https on client side to connect to the server. That's it. Thank you all!
Sandeep
I have a weblogic folder, From this - How can i find the adminurl that I can use with the below command
java weblogic.Deployer –adminurl t3://server:7001 –username system –password weblogic –listapps
I tried looking into setupinfo.txt, portlist.ini - but somehow this did not help/work. How can get this working?
I get errors/exceptions like these (after few attempts)
The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object
Unable to connect to 'http://server:7001': Destination unreachable; java.net.ConnectException: Tried all: 1 addresses, but could not connect over HTTPS to server: localhost port: 7102; No available router to destination
based on setupinfo.txt, I am able to login to the web console - but I need to know how to get this command working with adminurl !!!
Thanks,
Got it, thanks Alex.
Steps
Find startscript.xml under your weblogic domain , search this file for "ADMIN_URL"
The same can be done by web console UI ..... Admin Console Login to AdminConsole->Server->Configuration->ListenPort (enable and note down the port)
Bingo.
I am trying at write a java program that hits a url over ssl, and prints out the response to find out if the application on this port is running or not. We are using 2way ssl. I am fairly new to working with ssl and java security. Right now I am getting this error
Remote host closed connection during handshake
I am using this command to run the program
java -Djavax.net.ssl.trustStore=rs.truststore TmpUtil
Is there a way to find out what am I doing wrong and where exactly is the problem ?
You can generally debug an SSL/TLS connection that uses the JSSE in Java using the javax.net.debug system property. You'll find more details in the documentation.
Since you're after client-certificate authentication, it's most likely that your application needs a keystore to be configured. You'll find some details about the difference between keystore and truststore in this answer, and in the JSSE Reference Guide of course.
I have this:
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket("www.verisign.com", 443);
This is failing on the 2nd line with a "Connection refused" error.
Now, would I have to install verisign's certificate in my trust store before I can even do the above? I was under the impression that I could connect to an SSL server and execute getPeerCertificates() to get the certificates. Is this not what our browsers do? Otherwise how would they know which signing authority to use?
(Obviously I'm using Verisign as an example. My real URL is far too fugly to use here...)
Connection refused means nothing was listening at the target host:port, or a firewall got in the way. This is logically and temporally prior to anything SSL does.
Have you checked that the remote service is actually up and running, and that you can connect to it? Perhaps the "Connection refused" error is actually a refused connection. :-)
Usually you don't need to install server's certificate on your computer explicitly. PKI works in the way that your system should be able to validate server's certificate without any prior knowledge about it. However this will work only when your server's certificate has it's roots in on of the "known CAs", i.e. certificate authorities, whose root or other certificates are already listed on the client system. If this is not the case (eg. you have a self-signed or some other custom certificate on the server), you really need to install the certificate on your client system before the mentioned classes can validate server certificate properly.
You can read about certificates and how they are used in SSL here.