Hi Nicolas, when you say "the browser fails", what message does it give? Is
it warning that the certificate is self-signed? If so, you won't be able to
get round that (to my knowledge), as that's built in to the browser.
But, if that is the only error, then it sounds like it's set up correctly,
and when you add a "real" (externally-signed) certificate to the
configuration, it should work.
Cheers,
Igor
On Tuesday, January 28, 2014 8:47:21 AM UTC-5, Nicolas Michel wrote:
>
> Hi Igor,
>
> I made some tests with ssl, and I managed to establish a secured
> connection between a server and a client, each one running in its own erl
> instance, using a self-signed certificate.
>
> Encouraged by this humble success, I updated my boss.config file as
> following :
>
> ...
> {ssl_enable, true},
> {ssl_options, [
> {keyfile, "ssl/server.key"},
> {certfile, "ssl/server.crt"}
> ]}
> ...
>
> I'm experiencing something strange : using wget --no-check-certificate
> "https:..." I successfully downloaded the secured URL.
> But when I'm trying to browse the same URL, the browser fails. I tried
> with firefox and chrome.
>
> Do you have any idea ?
> Thanks for your help, I really appreciate.
>
> Regards,
>
> nicolas -
>
>
>
> 2014-01-27 Igor Clark <[email protected] <javascript:>>
>
>> Hi Nicolas, I haven't set up CB with SSL before but if it's complaining
>> about "unknown CA" on a self-signed cert I wonder if you need to somehow
>> tell the library not to worry about the CA, as it's self-signed?
>>
>> Failing that, if it's really urgent, you could try using nginx to
>> terminate SSL and proxy to your CB instance. I've done this, including
>> proxying websockets, and it worked very well.
>>
>> Cheers
>> Igor
>>
>>
>> On Monday, January 27, 2014 4:08:34 AM UTC-5, Nicolas Michel wrote:
>>
>>> Hi,
>>>
>>> No idea about my question ?
>>> I'm really stuck because being over HTTPS is a strong requirement for
>>> the app I'm working on to go live ...
>>> Do my troubles come from the usage of a self-signed certificate ?
>>>
>>> Many thanks,
>>>
>>> Nicolas -
>>>
>>>
>>>
>>> 2014-01-21 Nicolas Michel <[email protected]>
>>>
>>>> Hi,
>>>>
>>>> I followed your advice, and I tried to used an earlier version of the
>>>> tutorial.
>>>> It still does not work.
>>>> Here is what I get when I try to connect using https:
>>>>
>>>> (xxx@xxx)1> 21:29:53.661 [error] SSL: certify:
>>>> tls_connection.erl:2275:Fatal error: unknown ca
>>>>
>>>> 21:29:53.665 [error] application: mochiweb, "Accept failed error",
>>>> "{error,{tls_alert,\"unknown ca\"}}"
>>>> 21:29:53.668 [error] CRASH REPORT Process <0.162.0> with 0 neighbours
>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line
>>>> 33
>>>> 21:29:53.671 [error] {mochiweb_socket_server,297,{
>>>> acceptor_error,{error,accept_failed}}}
>>>>
>>>> As stated in the tutorial, it uses a self-signed certificate, so I do
>>>> not understand the "unknown ca" error.
>>>>
>>>> Any clue ?
>>>> Does anybody have managed to setup a HTTPS configuration ?
>>>>
>>>> Many thanks,
>>>>
>>>> Nicolas -
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 2014/1/21 Kai Janson <[email protected]>
>>>>
>>>>> Take a look at the history of the file. The newer write up has some
>>>>> issues.
>>>>>
>>>>> Sent from my non-google-device
>>>>>
>>>>> On Jan 21, 2014, at 11:54 AM, Nicolas Michel <[email protected]>
>>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I have a CB app which works fine in clear HTTP.
>>>>> But I need to make it work with HTTPS.
>>>>> I followed the recipe (copy/paste) I found here :
>>>>>
>>>>> https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup
>>>>>
>>>>> But it does not work. I've the following error :
>>>>>
>>>>> 17:52:33.010 [error] application: mochiweb, "Accept failed error",
>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>> 17:52:33.012 [error] CRASH REPORT Process <0.162.0> with 0 neighbours
>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3
>>>>> line
>>>>> 33
>>>>> 17:52:33.014 [error] {mochiweb_socket_server,295,{
>>>>> acceptor_error,{error,accept_failed}}}
>>>>> 17:52:33.016 [error] application: mochiweb, "Accept failed error",
>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>> 17:52:33.017 [error] CRASH REPORT Process <0.163.0> with 0 neighbours
>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3
>>>>> line
>>>>> 33
>>>>> 17:52:33.018 [error] application: mochiweb, "Accept failed error",
>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>> 17:52:33.019 [error] CRASH REPORT Process <0.164.0> with 0 neighbours
>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3
>>>>> line
>>>>> 33
>>>>> 17:52:33.022 [error] application: mochiweb, "Accept failed error",
>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>> 17:52:33.022 [error] CRASH REPORT Process <0.165.0> with 0 neighbours
>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3
>>>>> line
>>>>> 33
>>>>> 17:52:33.111 [error] {mochiweb_socket_server,295,{
>>>>> acceptor_error,{error,accept_failed}}}
>>>>> 17:52:33.212 [error] {mochiweb_socket_server,295,{
>>>>> acceptor_error,{error,accept_failed}}}
>>>>> 17:52:33.313 [error] {mochiweb_socket_server,295,{
>>>>> acceptor_error,{error,accept_failed}}}
>>>>>
>>>>> Any idea ?
>>>>>
>>>>> br
>>>>>
>>>>> Nicolas -
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "ChicagoBoss" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>>
>>>>> Visit this group at http://groups.google.com/group/chicagoboss.
>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>> msgid/chicagoboss/CAAQ9oZox__LiOQPTj3x-ninrbZzhugmG-yZ_
>>>>> pFogr6PBbaHURA%40mail.gmail.com.
>>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "ChicagoBoss" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>>
>>>>> Visit this group at http://groups.google.com/group/chicagoboss.
>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>> msgid/chicagoboss/170066BD-0BD2-440C-96BB-78913F778332%40gmail.com.
>>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>>
>>>>
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "ChicagoBoss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> Visit this group at http://groups.google.com/group/chicagoboss.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/chicagoboss/603e000b-7df0-4acc-8bf8-c6acf92a0dfb%40googlegroups.com
>> .
>>
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"ChicagoBoss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
Visit this group at http://groups.google.com/group/chicagoboss.
To view this discussion on the web visit
https://groups.google.com/d/msgid/chicagoboss/959ea54c-6f12-41ae-bf30-66e1e59acd46%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
