WSS connection issues

Discussion in 'Web Call Server 4' started by Howard Fluker, Jul 7, 2015.

  1. Howard Fluker

    Howard Fluker Member

    Hello,
    We have implemented an SSL certificate on our webserver and now we need to implement WSS service in order to browser allows websockets connections. I followed steps described in WCS Admin Guide in the Security section (page 91) to import certificates. SSL certificates are provided by GoDaddy and we got the TomCat related files. No PEM files were included, thus, we converted them before to import. We used the following instructions to import:
    Code:
    openssl pkcs12 -export -in tgn.crt -inkey tgn.key -out tgn.p12 -name "*.thegridnet.com"
    keytool -importkeystore -srckeystore tgn.p12 -srcstoretype PKCS12 -destkeystore /usr/local/FlashphonerWebCallServer/conf/wss.jks
    openssl x509 -in root.crt -out root.pem -outform PEM
    keytool -import -keystore /usr/local/FlashphonerWebCallServer/conf/wss.jks -file root.pem -alias ca-root
    openssl x509 -in bundle.crt -out bundle.pem -outform PEM
    keytool -import -keystore /usr/local/FlashphonerWebCallServer/conf/wss.jks -file bundle.pem -alias ca-intermediate
    No errors were reported during import process. Just "Certificate was added to keystore"
    Then we added the corresponding password configuration into the flashphoner.properties configuration file:
    Code:
    wss.keystore.password=<our-password>
    wss.cert.password=<our-password>
    
    We restarted service after that but connection goes TIMED OUT. SSL is working properly on Apache for HTTPS service.
    What can be wrong with configuration process or what can we do to solve this issue? Thanks
  2. Max

    Max Administrator Staff Member

    Did you set
    Code:
    <url_ws_server>wss://[our-server-name]:8443</url_ws_server>
    in flashphoner.xml?
    Try to open this page in your web browser:
    https://[our-server-name]:8443
    What do you see? Click on https badge in the browser URL string. What is HTTPS details?
    You will be able to see similar picture if HTTPS is configured properly:

    https.png
  3. Howard Fluker

    Howard Fluker Member

    This is our flashphoner.xml
    [​IMG]
    This is the Chrome console logs with TIMED OUT output.
    [​IMG]
    And this is the netstat -nlp | grep java output to check opened ports. Port 8443 is open and allowed by firewall.
    [​IMG]
    https://[our-server-name]:8443 stay loading (seems that trying to handshake ssl connection) but then there is no response in the browser.
  4. Max

    Max Administrator Staff Member

    wss.keystore.password must be configured in the server.properties config.
    Is it a typo?
  5. Howard Fluker

    Howard Fluker Member

    As described in the Admin Guide (http://flashphoner.com/docs/wcs4/wcs_docs/pdf/en/wcs-admin-guide.pdf), section "6.1.1.1 Settings" on page 91 "The following settings in the file flashphoner.properties are responsible for Secure Websockets".
    We followed those instructions to configure SSL certificate. We are going to add password configuration into server.properties file and try again. Then we will notify you.
  6. Howard Fluker

    Howard Fluker Member

    We updated the server.properties file with right password and seems to be allowing WSS connection, but the https://[our-server]:8443 do not give us any response. However, WSS connection now is allowed.
  7. Max

    Max Administrator Staff Member

    https://[our-server]:8443
    This page does not provide any response. It just indicates whether https works or not.
    Code:
    "The following settings in the file flashphoner.properties are responsible for Secure Websockets".
    It is an error in docs. We will fix it. Thanks.
    If you open default server.properties config you will see default wss.xxx settings

Share This Page