Still can't connect to my websocket secure... about icy_term HOT 8 CLOSED

Not sure about secure websockets - xibalba.l33t.codes:44512 works.

from icy_term.

I'm not sure if it's a CA issue, or what... I'm using: No-IP Vital Encrypt DV The SSL cert works with my web server, so it should work with the secure websocket. I had a regular websocket working, but now force it to use TLS/SSL for connections and that's not working with icyterm .6.8 Win64bit.

from icy_term.

If you already know No-IP Vital Encrypt DV Certificate Authority is trusted by web browsers (without prompting users), then all you may need to do is complete the certificate chain/bundle in your config. Right now it's incomplete:

openssl s_client -connect shsbbs.net:8080
CONNECTED(00000003)
depth=0 CN = shsbbs.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = shsbbs.net
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = shsbbs.net
verify return:1
---
Certificate chain
 0 s:CN = shsbbs.net
   i:C = US, O = "Vitalwerks Internet Solutions, LLC", CN = "Vitalwerks Internet Solutions, No-IP TLS ICA"
...
SSL handshake has read 2333 bytes and written 388 bytes
Verification error: unable to verify the first certificate

from icy_term.

I'm using the command line: websockify --cert=c:\apache24\conf\bundle.pem --ssl-only --cafile=c:\apache24\conf\DigiCertCA.crt 192.168.0.2:8080 192.168.0.7:23
I've got the bundle.pem file the same as everything else is using, with my certificate and private key in it. I'm not sure what I'm doing wrong. Icecast is set up the same way, and the https://shsbbs.net:8088/shurato.ogg link works fine. I'll look into this some more. Thanks!

from icy_term.

websockify --cert=c:\apache24\conf\shsbbs_net.crt --key=c:\apache24\conf\myserver.key --ssl-only --cafile=c:\apache24\conf\DigiCertCA.crt 192.168.0.2:8080 192.168.0.7:23 didn't seem to make any difference, in case my bundle.pem file wasn't right. Oh, the icecast server is actually https://shsbbs.net:8843/shurato.ogg , I've got too many port numbers to keep straight...

from icy_term.

My certificates work with web browsers, but not with other ssl clients.

from icy_term.

Web browsers will often fetch a missing component of your certificate chain for you. When I look at openssl s_client -connect shsbbs.net:8080, it's still not able to verify with any built in CA bundles. You can generally export the full chain from your browser, then try serving with that as your bundle.

from icy_term.

from icy_term.