Hi Daniel,
Thanks for looking in.
There are no issues with permission or path.
However below are the logs that I see on the server where I am using SSL
for gevent-socketio server.
Below is the log I see.
Traceback (most recent call last):
  File "/nobackup/drokade/Installations/c_276/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/greenlet.py", line 327, in run
    result = self._run(*self.args, **self.kwargs)
  File "/nobackup/drokade/Installations/c_276/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/server.py", line 102, in wrap_socket_and_handle
    ssl_socket = self.wrap_socket(client_socket, **self.ssl_args)
  File "/nobackup/drokade/Installations/c_276/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/ssl.py", line 383, in wrap_socket
    ciphers=ciphers)
  File "/nobackup/drokade/Installations/c_276/3rdparty/python2.6.1/lib/python2.6/site-packages/gevent-1.0-py2.6-linux-x86_64.egg/gevent/ssl.py", line 87, in __init__
    cert_reqs, ssl_version, ca_certs)
SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
<Greenlet at 0x3585910: <bound method SocketIOServer.wrap_socket_and_handle of <SocketIOServer at 0x298e850 fileno=12 address=72.163.134.157:8081>>(<socket at 0x35f7bd0 fileno=13 sock=72.163.134.157, ('10.65.39.87', 49851))> failed with SSLError
Below is how I am setting up my Socket Server.
    # Loop forever for the events
    sio_server = SocketIOServer(
        (globalconfig.socketserverhost, int(globalconfig.socketserverport)),
        RTTSocketIOApp(),
        policy_server=False,
        keyfile=hkeyfile, certfile=hcertfile).serve_forever()

    <VirtualHost *:8080>
        ServerName app04
        Redirect permanent / https://app04:8443/
    </VirtualHost>
    SSLCertificateFile "/nobackup/drokade/Installations/release_test/server.crt"
    SSLCertificateKeyFile "/nobackup/drokade/Installations/release_test/server.key"
Do you recommend a specific type of certificate to be used?
On Wed, May 28, 2014 at 7:53 PM, Daniel Kahn Gillmor [via OpenSSL] <
[email protected]> wrote:
> On 05/28/2014 01:08 AM, Deepak wrote:
>
> > I am writing an in house application where my main web server is "apache"
> > web server hosting the main web portal which is being accessed by HTTPS.
> >
> > On one of the webpage I am establishing the connection to the socketio based
> > server using HTTPS again but on different port. Hostnames are same for main
> > URL and socketio's URL.
> >
> > If I use two different SSL certificates all goes fine. However if I try to
> > use the same certificate, application is unable to connect to socket io
> > server.
> The two services will need to share not only the certificate but also
> the secret key material that corresponds to the public key in the
> certificate, right?
>
> Is it possible that the socketio server doesn't have permission to read
> the secret key that apache can read? Or that the socketio server is
> pointing to the wrong secret key (which would be a key/certificate
> mismatch)?
>
> Is the socketio server actually running after this change? does it have
> the given port held open? are there error log messages you can inspect
> and share here?
>
> > I want to use the same certificate for both the URLs (same host, different
> > ports). Isn't it possible?
>
> What you're trying to do should be possible, but i don't think you've
> given enough information to figure out what the specific problem is.
>
> hth,
>
> --dkg
--
Deepak Rokade
--
View this message in context:
http://openssl.6102.n7.nabble.com/Using-same-SSL-certificat-e-for-Apache-and-socketio-web-server-for-same-applicatio-n-tp50379p50401.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
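
Added example, not part of the original message or of gevent-socketio: the error in the traceback above names SSL_CTX_use_PrivateKey_file and the PEM library, so this Python 3 pre-flight looks at the key file itself and reports whether it is missing, unreadable, not PEM, not a private key, or passphrase-protected. The function names and the sample PEM text are constructed for illustration (the base64 bodies are placeholders, not real keys).

```python
import os
import re

# One PEM block: captures the label and everything between BEGIN and END.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return (label, verdict) for the first PEM block found in text."""
    m = PEM_BLOCK.search(text)
    if m is None:
        return (None, "no PEM block (DER file, or truncated/garbled text)")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        return (label, "encrypted PKCS#8 key: needs a passphrase")
    if label.endswith("PRIVATE KEY"):
        # Legacy OpenSSL key encryption is marked by RFC 1421 style headers.
        if "Proc-Type: 4,ENCRYPTED" in body:
            return (label, "encrypted legacy key: needs a passphrase")
        return (label, "unencrypted private key")
    return (label, "not a private key")

def preflight_keyfile(path):
    """Report what the server process would hit when it opens path."""
    if not os.path.isfile(path):
        return "missing"
    if not os.access(path, os.R_OK):
        return "unreadable by this user"
    with open(path, "r", errors="replace") as fh:
        return classify_pem(fh.read())[1]

def pem_block(label, body):
    """Build a constructed PEM block for the samples below."""
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed samples; "Q09OU1RSVUNURUQ=" is placeholder base64, not key data.
SAMPLE_PLAIN = pem_block("RSA PRIVATE KEY", "Q09OU1RSVUNURUQ=")
SAMPLE_LEGACY_ENCRYPTED = pem_block(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQ09OU1RSVUNURUQ=")
SAMPLE_PKCS8_ENCRYPTED = pem_block("ENCRYPTED PRIVATE KEY", "Q09OU1RSVUNURUQ=")
SAMPLE_CERT = pem_block("CERTIFICATE", "Q09OU1RSVUNURUQ=")

if __name__ == "__main__":
    import sys
    for key_path in sys.argv[1:]:
        print(key_path, "->", preflight_keyfile(key_path))
```

Run it as the same user that starts the socket server, passing the path given as keyfile, so the readability check reflects that process's permissions.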