-
July 14th, 2014, 11:26 AM
#1
SSL considerations - self-signed certificate
With normal SSL transactions over HTTP it is possible for the user to add exceptions for incorrectly signed certificates to bypass SSL warnings during testing. This is very useful when the domain being used is not mentioned in the certificate (a fairly common issue when developing and testing).
I would like to know if it is possible to do the same sort of thing with WSS and Lightstreamer?
I would like to test my client/server combination in SSL mode, but the certificate will not necessarily be correctly signed. I don't care about that, I just care about encryption.
Is this possible?
-
July 14th, 2014, 05:53 PM
#2
the ls internal web server
Originally Posted by kpturner:
With normal SSL transactions over HTTP it is possible for the user to add exceptions for incorrectly signed certificates to bypass SSL warnings during testing. This is very useful when the domain being used is not mentioned in the certificate (a fairly common issue when developing and testing).
I would like to know if it is possible to do the same sort of thing with WSS and Lightstreamer?
I would like to test my client/server combination in SSL mode, but the certificate will not necessarily be correctly signed. I don't care about that, I just care about encryption.
Is this possible?
Did not get a chance to check that but I am pretty sure you can browse with https to the LS internal web server (https://your.push.dns.com) and accept the invalid cert warning.
Your browser should support the fake cert now when an LS connection is initiated.
A more complicated solution is to add the fake CA to your local trusted CAs, but if that doesn't ring a bell I guess it's not for you.
Hope that helps.
-
July 14th, 2014, 09:11 PM
#3
Actually yes that is a very good point - however it seemed to connect without any warning at all even though I know the certificate is incorrectly signed for the domain.
-
July 15th, 2014, 08:59 AM
#4
What I have found is that if the certificate is correctly signed it connects instantly. If not, it connects eventually (sometimes takes 30 seconds or more). Is this correct?
-
July 15th, 2014, 09:01 AM
#5
Hi Kevin,
I confirm that if you accept the invalid cert warning once for the Lightstreamer push URL (adding an exception rule in the browser) then WSS or HTTPS connections succeed without any additional warnings.
-
July 15th, 2014, 09:24 AM
#6
I am not sure of the possible reasons for the delay; the connection should be instantaneous even with not signed certificates but for which the browser has an exception rule.
It might be that a particular setting of the browser makes additional checks against an invalid certificate?
What browser are you using for this test?
-
July 15th, 2014, 12:11 PM
#7
In this test case I am using Chrome, and I don't ever remember creating an exception for the domain that I am connecting to... and it is a new PC. I will try to verify that - my memory is not what it used to be.
-
July 15th, 2014, 04:44 PM
#8
I can confirm that I have not added an exception or manually added the CA to my trust store. The connection still works, but it takes much longer to establish the connection. It even resorts to HTTP streaming by the looks of it. Other times it connects with web-socket streaming.
-
July 16th, 2014, 09:04 AM
#9
I am slightly puzzled by this scenario. It seems that your Chrome does not care about the invalid certificate and still allows the connection to start.
I confirm that the SSL certificate handling is done by the browser, outside the Lightstreamer client library.
Have you the opportunity to raise to DEBUG level the logger
in this way we can investigate the dynamics of the SSL handshake and maybe figure out where all that time is lost.
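Added example, not part of any post in this thread: a small Python check for the situation discussed above, where the host name used for the push URL may not be mentioned in the certificate. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the host names, the sample certificates and the helper names are constructed for illustration, and the fallback to the subject CN when no SAN is present is an assumption modelled on older client behaviour.

```python
# Added example: does a certificate cover the host name used for the push URL?
# Sample certificates below are constructed; they are not from the thread.

def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the host (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # wildcard accepted only as the whole left-most label, never for "*.tld"
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    sans = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # when DNS SANs exist, the CN is ignored
    # Assumption: fall back to the CN only when no DNS SAN is present.
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn
            if k == "commonName"]


def check_host(cert, host):
    """Report whether `host` is covered and which names the certificate lists."""
    names = covered_names(cert)
    return {"host": host,
            "ok": any(name_matches(n, host) for n in names),
            "covered": names}


# Constructed test certificate with SANs (dev host plus a staging wildcard).
DEV_CERT = {
    "subject": ((("commonName", "dev.example.test"),),),
    "subjectAltName": (("DNS", "dev.example.test"),
                       ("DNS", "*.staging.example.test")),
}
# Constructed certificate that carries only a CN.
CN_ONLY_CERT = {"subject": ((("commonName", "push.example.test"),),)}

if __name__ == "__main__":
    for host in ("push.example.test", "push.staging.example.test",
                 "a.b.staging.example.test"):
        print(check_host(DEV_CERT, host))
    print(check_host(CN_ONLY_CERT, "push.example.test"))
```

A result with `ok` set to `False` means a validating client should raise a name-mismatch warning for that host until an exception is stored or a matching certificate is installed.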