Hi Igor,
2014-01-28 Igor Clark <[email protected]> > Hi Nicolas, when you say "the browser fails", what message does it give? > Is it warning that the certificate is self-signed? If so, you won't be able > to get round that (to my knowledge), as that's built in to the browser. > Here is what I get with Firefox (26.0): The key does not support the requested operation. (Error code: sec_error_invalid_key) It's the same if I try to manually add a Security Exception for my server (I read something about that somewhere ...). > But, if that is the only error, then it sounds like it's set up correctly, > and when you add a "real" (externally-signed) certificate to the > configuration, it should work. > I hope :) I'm still wondering how do other people to test their stuff, without having to request a real certificate. It leaves me with the feeling I'm missing something important. I must be totally out the right path ... Thank you for your help. Best regards, Nicolas - > > Cheers, > Igor > > > On Tuesday, January 28, 2014 8:47:21 AM UTC-5, Nicolas Michel wrote: > >> Hi Igor, >> >> I made some tests with ssl, and I managed to establish a secured >> connection between a server and a client, each one running in its own erl >> instance, using a self-signed certificate. >> >> Encouraged by this humble success, I updated my boss.config file as >> following : >> >> ... >> {ssl_enable, true}, >> {ssl_options, [ >> {keyfile, "ssl/server.key"}, >> {certfile, "ssl/server.crt"} >> ]} >> ... >> >> I'm experiencing something strange : using wget --no-check-certificate >> "https:..." I successfully downloaded the secured URL. >> But when I'm trying to browse the same URL, the browser fails. I tried >> with firefox and chrome. >> >> Do you have any idea ? >> Thanks for your help, I really appreciate. >> >> Regards, >> >> nicolas - >> >> >> >> 2014-01-27 Igor Clark <[email protected]> >> >>> Hi Nicolas, I haven't set up CB with SSL before but if it's complaining >>> about "unknown CA" on a self-signed cert I wonder if you need to somehow >>> tell the library not to worry about the CA, as it's self-signed? >>> >>> Failing that, if it's really urgent, you could try using nginx to >>> terminate SSL and proxy to your CB instance. I've done this, including >>> proxying websockets, and it worked very well. >>> >>> Cheers >>> Igor >>> >>> >>> On Monday, January 27, 2014 4:08:34 AM UTC-5, Nicolas Michel wrote: >>> >>>> Hi, >>>> >>>> No idea about my question ? >>>> I'm really stuck because being over HTTPS is a strong requirement for >>>> the app I'm working on to go live ... >>>> Do my troubles come from the usage of a self-signed certificate ? >>>> >>>> Many thanks, >>>> >>>> Nicolas - >>>> >>>> >>>> >>>> 2014-01-21 Nicolas Michel <[email protected]> >>>> >>>>> Hi, >>>>> >>>>> I followed your advice, and I tried to used an earlier version of the >>>>> tutorial. >>>>> It still does not work. >>>>> Here is what I get when I try to connect using https: >>>>> >>>>> (xxx@xxx)1> 21:29:53.661 [error] SSL: certify: >>>>> tls_connection.erl:2275:Fatal error: unknown ca >>>>> >>>>> 21:29:53.665 [error] application: mochiweb, "Accept failed error", >>>>> "{error,{tls_alert,\"unknown ca\"}}" >>>>> 21:29:53.668 [error] CRASH REPORT Process <0.162.0> with 0 neighbours >>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line >>>>> 33 >>>>> 21:29:53.671 [error] {mochiweb_socket_server,297,{a >>>>> cceptor_error,{error,accept_failed}}} >>>>> >>>>> As stated in the tutorial, it uses a self-signed certificate, so I do >>>>> not understand the "unknown ca" error. >>>>> >>>>> Any clue ? >>>>> Does anybody have managed to setup a HTTPS configuration ? >>>>> >>>>> Many thanks, >>>>> >>>>> Nicolas - >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 2014/1/21 Kai Janson <[email protected]> >>>>> >>>>>> Take a look at the history of the file. The newer write up has some >>>>>> issues. >>>>>> >>>>>> Sent from my non-google-device >>>>>> >>>>>> On Jan 21, 2014, at 11:54 AM, Nicolas Michel <[email protected]> >>>>>> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I have a CB app which works fine in clear HTTP. >>>>>> But I need to make it work with HTTPS. >>>>>> I followed the recipe (copy/paste) I found here : >>>>>> >>>>>> https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup >>>>>> >>>>>> But it does not work. I've the following error : >>>>>> >>>>>> 17:52:33.010 [error] application: mochiweb, "Accept failed error", >>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}" >>>>>> 17:52:33.012 [error] CRASH REPORT Process <0.162.0> with 0 neighbours >>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 >>>>>> line >>>>>> 33 >>>>>> 17:52:33.014 [error] {mochiweb_socket_server,295,{a >>>>>> cceptor_error,{error,accept_failed}}} >>>>>> 17:52:33.016 [error] application: mochiweb, "Accept failed error", >>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}" >>>>>> 17:52:33.017 [error] CRASH REPORT Process <0.163.0> with 0 neighbours >>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 >>>>>> line >>>>>> 33 >>>>>> 17:52:33.018 [error] application: mochiweb, "Accept failed error", >>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}" >>>>>> 17:52:33.019 [error] CRASH REPORT Process <0.164.0> with 0 neighbours >>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 >>>>>> line >>>>>> 33 >>>>>> 17:52:33.022 [error] application: mochiweb, "Accept failed error", >>>>>> "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}" >>>>>> 17:52:33.022 [error] CRASH REPORT Process <0.165.0> with 0 neighbours >>>>>> exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 >>>>>> line >>>>>> 33 >>>>>> 17:52:33.111 [error] {mochiweb_socket_server,295,{a >>>>>> cceptor_error,{error,accept_failed}}} >>>>>> 17:52:33.212 [error] {mochiweb_socket_server,295,{a >>>>>> cceptor_error,{error,accept_failed}}} >>>>>> 17:52:33.313 [error] {mochiweb_socket_server,295,{a >>>>>> cceptor_error,{error,accept_failed}}} >>>>>> >>>>>> Any idea ? >>>>>> >>>>>> br >>>>>> >>>>>> Nicolas - >>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "ChicagoBoss" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> >>>>>> Visit this group at http://groups.google.com/group/chicagoboss. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/chicagoboss/CAAQ9oZox__LiOQPTj3x-ninrbZzhugmG-yZ_pFogr6P >>>>>> BbaHURA%40mail.gmail.com. >>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "ChicagoBoss" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> >>>>>> Visit this group at http://groups.google.com/group/chicagoboss. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/chicagoboss/170066BD-0BD2-440C-96BB-78913F778332%40gmail.com. >>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>> >>>>> >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "ChicagoBoss" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> Visit this group at http://groups.google.com/group/chicagoboss. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/chicagoboss/603e000b-7df0-4acc-8bf8-c6acf92a0dfb% >>> 40googlegroups.com. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "ChicagoBoss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at http://groups.google.com/group/chicagoboss. > To view this discussion on the web visit > https://groups.google.com/d/msgid/chicagoboss/959ea54c-6f12-41ae-bf30-66e1e59acd46%40googlegroups.com > . > > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "ChicagoBoss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at http://groups.google.com/group/chicagoboss. To view this discussion on the web visit https://groups.google.com/d/msgid/chicagoboss/CAAQ9oZoNC0PROMCMD-%3DKAArgEbbBffPGfmq52NwROK9HqdJ9UA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
