Third-Party Signed SSL Certificate for localhost or 127.0.0.1?

localhost: You will never be issued a proper https cert for localhost. It is strictly forbidden. Because reasons. In short: Misconfigured devices actually exist, in the wild, that wait for lookups before resolving localhost from /etc/hosts. If a router defines localhost.foo.local it may cause localhost to resolve incorrectly (you’ve probably seen this class of error …

Import certificate as PrivateKeyEntry

You try to add a certificate and expect that it will be a private key – it's a confusion between two different things. Generally, when you create a keystore (.jks) it includes the private key inside. If it's empty (deleted) you should generate a bundle (.p12 file) from your key and certificates. In order to create a new free key and …

“verify error:num=20” when connecting to gateway.sandbox.push.apple.com

This produced a lot of output. In the middle of the output was the following:

    verify error:num=20:unable to get local issuer certificate
    verify return:0

You are missing a root certificate, and it should be specified either with -CAfile or with -CApath. However, you may encounter a handshake alert after you fix the root certificate issue. …

WebSocket with SSL

The WebSocket connection starts its life with an HTTP or HTTPS handshake. When the page is accessed through HTTP, you can use WS or WSS (WebSocket secure: WS over TLS). However, when your page is loaded through HTTPS, you can only use WSS – browsers don’t allow you to “downgrade” security.

NGINX to reverse proxy websockets AND enable SSL (wss://)?

Just to note that nginx now has support for Websockets in release 1.3.13. Example of use:

    location /websocket/ {
        proxy_pass http://backend_host;
        # The WebSocket upgrade needs HTTP/1.1 towards the backend
        proxy_http_version 1.1;
        # Pass the client's Upgrade request through to the backend
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Keep idle connections open for up to 86400 seconds
        proxy_read_timeout 86400;
    }

You can also check the nginx changelog and the WebSocket proxying documentation.