SSL Connection #216

Closed
ghost opened this issue Feb 23, 2018 · 17 comments

@ghost

ghost commented Feb 23, 2018

Hello,

So I was using Fleck with just the IP address when I had http and it was working perfectly. I upgraded to HTTPS and now I cannot get it to connect. I have walked through so many examples on other people's problems.

On the client side I have:
var webSocket = window.WebSocket || window.MozWebSocket, ws = new webSocket('wss://ip:port');

I have tried changing it to --> name of the certification (friendly) followed by the port
and I have also tried --> domain:port

On the server side, it finds my certification file located in the C drive of my server perfectly fine. I then enable all modes of the SslConnection / allow them all (11 through like 13?) and I have tried to have it listen to the ip address, and 0.0.0.0 and NOTHING works!!

If someone could please help I would greatly appreciate it.

@AdrianBathurst

Your socket client needs to use wss://your-domain.com:port. your-domain.com must match your ssl certificate. The problem is most likely your certificate.

See #214 to generate the test certificate and server setup.

@ghost
Author

ghost commented Feb 23, 2018

Hi Adrian,

Yes I followed #214 and got my certificate exported correctly. I tried the above exactly like that on client side and the server receives no connections. When it does receive connections it says 0bytes read. Closing.

@AdrianBathurst

I've seen "When it does receive connections it says 0bytes read. Closing" many times and this usually indicates incorrect ssl certificate setup. All I can say is follow the steps in #214 (comment) and #214 (comment) closely, it does work.

@ghost
Author

ghost commented Feb 23, 2018

On the server side I have also tried my ip address, and 0.0.0.0.

0.0.0.0 received no connections
My ip address received a connection but closed it.

On the server I have it connecting to the certificate and allowing SslConnection 11,12,13 as stated above.

On the client I have tried multiple methods and I don't believe the domain:port connects/the server doesn't receive any connections

@ghost
Author

ghost commented Feb 23, 2018

I will run through those again this afternoon and let you know. I'm using a real certificate, not a localhost/self-generated one, as well.

@AdrianBathurst

Is this a test environment running locally on a development machine, but using the real domain? If so, are you running the website locally using the real domain, and is it running ok under ssl?

214 comments are for a test certificate, not a real one.

@ghost
Author

ghost commented Feb 23, 2018

It's for a real certificate, all of this testing was done on the real domain. I just followed the exporting certificate steps in #214

@ghost
Author

ghost commented Feb 23, 2018

I followed this

Add the real certificate to the certificate store, find it, right click it, select all tasks > export, then follow the same steps as the last export process described above. It must be as a .pfx file.

You don't need to add any host file entries.

@AdrianBathurst

Check how strongly signed the certificate is... SHA256 hash and 2048 bits public key?

In the browser running the socket client, what error do you get in the debug console?

@ghost
Author

ghost commented Feb 23, 2018

Yes it is SHA256 and 2048 bits.

Yes browser is running socket client. When I connect the server says the following:
Authenticating
0 Bytes Read. Closing

@AdrianBathurst

In the browser running the socket client, what error do you get in the debug console?

@ghost
Author

ghost commented Feb 23, 2018

I'll update this thread once I know for sure; it will be a few hours until I'm home. However, if I remember correctly, it's a "could not establish connection".

@ghost
Author

ghost commented Feb 23, 2018

Hey Adrian,

So if I set my server to IP:8181 and I set my client-side to wss://domain.com:8181

The following error occurs on Dev Tools:
WebSocket connection to 'wss://domain.com:8181/' failed: Error in connection establishment: net::ERR_CONNECTION_TIMED_OUT

Now if I set it to IP:port

then on the server debug I get:
Authenticating
0 Bytes Received. Closing.

@AdrianBathurst

"now if I set it to IP:port"...I take it that's on the client?

Sounds like the client cannot find the server when using wss://domain.com:8181 as you get no debug info on the server, but can find the server when using wss://server-ip:8181 as you do get server debug info. Obviously it will register a fail as it needs a domain name. Seems you may have a network issue. Check that nothing is blocking port 8181 for secure routes.

A test you can do to bypass network related issues is to test directly on the server itself:

On the server, have all browsers closed, then add the local server ip (not public ip!) & domain to the host file.

Open cmd and ping the domain to make sure it resolves the local ip address.

Test the sockets using a browser on the server. This will keep all traffic local to the server.

@ghost
Author

ghost commented Mar 2, 2018

Okay,

I believe I discovered my issue.

I have SSL so I require that connection, however I use Cloudflare to hide my IP address on my server, which I need. So I have 2 nameservers, each pointing to a different IP with Cloudflare which both get forwarded to the server address.

I believe this is what is causing the issue with my domain. How can I use FLECK to navigate through Cloudflare?

Thanks :)

@AdrianBathurst

Try using a websocket reverse proxy, and run the client using the standard port 443 (wss://domain.com) (no port).

@ghost
Author

ghost commented Mar 3, 2018

Fixed - I wasn't using a port supported by Cloudflare SSL :) Thanks

@ghost ghost closed this as completed Mar 3, 2018
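
The two causes this thread ran into (a `wss://` host that does not match the certificate, and a port Cloudflare does not proxy for HTTPS) can be checked before connecting. The following is an added example, not code from the thread or from Fleck; the function names, the sample names and the sample IP are constructed, and the port list is taken from Cloudflare's documentation rather than from this issue.

```javascript
// Added example; function and constant names are hypothetical.
// HTTPS ports Cloudflare's proxy accepts (from Cloudflare's documentation, not this thread).
const CLOUDFLARE_HTTPS_PORTS = new Set([443, 2053, 2083, 2087, 2096, 8443]);

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// Compare one dNSName entry with a host; '*' stands for exactly one left-most label.
function dnsNameMatches(pattern, host) {
  const p = pattern.toLowerCase().split('.');
  const h = host.toLowerCase().split('.');
  if (p.length !== h.length) return false;
  return p.every((label, i) => (i === 0 && label === '*') || label === h[i]);
}

// certNames / certIps: the dNSName and iPAddress SAN entries of the certificate
// the browser will be shown for this URL.
function checkWssTarget(wssUrl, certNames, certIps = [], behindCloudflare = false) {
  const url = new URL(wssUrl);
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const port = url.port === '' ? 443 : Number(url.port); // wss default is 443
  const problems = [];
  if (url.protocol !== 'wss:') problems.push('not-wss');
  if (isIpLiteral(host)) {
    // A browser will not accept an IP target unless the certificate lists that IP.
    if (!certIps.includes(host)) problems.push('ip-not-in-certificate');
  } else if (!certNames.some((n) => dnsNameMatches(n, host))) {
    problems.push('name-mismatch');
  }
  if (behindCloudflare && !CLOUDFLARE_HTTPS_PORTS.has(port)) {
    problems.push('port-not-proxied-by-cloudflare');
  }
  return problems;
}

// Constructed sample data: documentation IP range and example.com names.
const SAMPLE_NAMES = ['example.com', '*.example.com'];
console.log(checkWssTarget('wss://203.0.113.10:8181', SAMPLE_NAMES));
console.log(checkWssTarget('wss://example.com:8181', SAMPLE_NAMES, [], true));
console.log(checkWssTarget('wss://example.com', SAMPLE_NAMES, [], true));
```

An empty array means neither problem applies; port 8181, the one used in this thread, is reported when the domain is proxied through Cloudflare.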