How do I config TLS for a client Endpoint?


Mike Panetta

Sep 5, 2014, 8:29:49 PM
to autob...@googlegroups.com
I'm trying to set up TLS so that I can get websockets to work through the corporate proxy, but I am having issues.

I have added the tls section to the config.json as is shown here: http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/ to both my router config (just used the default template) and modified the hello config similarly (only the certificate section) and I am getting the following error:

2014-09-06 00:24:03+0000 [Controller  29341] Exception: encountered unknown attribute 'certificate' in listening endpoint TLS configuration

I'm not sure what I am doing wrong. :(

Version Info:
[mike@castellanus-lite hello]$ crossbar version

Crossbar.io software versions:

Crossbar.io     : 0.9.7-6
Autobahn        : 0.9.0
Twisted         : 14.0.0-EPollReactor
Python          : 2.7.5
UTF8 Validator  : wsaccel-0.6.2
XOR Masker      : wsaccel-0.6.2


Here is my hello config.json:

{
   "controller": {
   },
   "workers": [
      {
         "type": "container",
         "options": {
            "pythonpath": [".."]
         },
         "components": [
            {
               "type": "class",
               "classname": "hello.hello.AppSession",
               "realm": "realm1",
               "transport": {
                  "type": "websocket",
                  "endpoint": {
                     "type": "tcp",
                     "host": "noctilucent.me",
                     "port": 443,
                     "tls": {
                        "certificate": "server_cert.pem"
                     }
                  },
                  "url": "wss://noctilucent.me:443/ws"
               }
            }
         ]
      }
   ]
}


Thanks for the help!

Mike

Mike Panetta

Sep 11, 2014, 11:55:50 AM
to autob...@googlegroups.com
Has nobody got TLS working with crossbar.io or Autobahn Python?

I was really hoping to use crossbar for a project, but it is a no go without TLS...

Mike

Tobias Oberstein

Sep 11, 2014, 3:15:46 PM
to autob...@googlegroups.com
On 11.09.2014 17:55, Mike Panetta wrote:
> Has nobody got TLS working with crossbar.io or Autobahn Python?

Sure. Please have a look here:

https://github.com/crossbario/crossbar/wiki#going-to-production

and in particular:

https://github.com/crossbario/crossbar/wiki/Secure%20WebSocket%20and%20HTTPS

Mike Panetta

Sep 12, 2014, 1:33:48 PM
to autob...@googlegroups.com
Thanks for those links, but I already followed them.  The problem I am having is with the client side python api, I can't get it to use TLS.  The router comes up fine using TLS, but there is no way to tell the clients to use it.  If I try to use the options listed in the links for a client, it gives an error saying it does not know what the key or certificate options are for.

Basically I want to use the python client on my UDOO so that I can remotely control it from jenkins to sound alerts when things break.  I'm just having issues getting the python client to talk TLS.

Thanks,
Mike

Tobias Oberstein

Sep 13, 2014, 5:38:27 AM
to autob...@googlegroups.com
On 12.09.2014 19:33, Mike Panetta wrote:
> Thanks for those links, but I already followed them. The problem I am
> having is with the client side python api, I can't get it to use TLS.

Ah, sorry. I see.

When using

- autobahn.twisted.wamp.ApplicationRunner
- autobahn.twisted.wamp.Application

you can simply use a secure WebSocket URL and it will work, like

wss://somehost.com:7777/somepath

or

wss://example.com

==


When you want your Crossbar hosted component to connect via TLS to a
router, there are some bits we need to add

https://github.com/crossbario/crossbar/issues/128

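As an added example (not part of the original thread or the Autobahn project's code), a standalone client following the advice above: it refuses any URL that is not wss:// before handing it to ApplicationRunner. It assumes Python 3 and a current Autobahn with Twisted; `parse_wss_url`, `run_client` and `HelloSession` are hypothetical names, and the URL and realm are the ones from the config.json posted earlier in the thread.

```python
"""Standalone WAMP client over TLS, using a wss:// URL with ApplicationRunner."""
from urllib.parse import urlsplit


def parse_wss_url(url):
    """Return (host, port, path) for a wss:// URL and reject anything else.

    Refusing ws:// here keeps a typo or a copied development config from
    silently sending WAMP traffic in cleartext.
    """
    parts = urlsplit(url)
    if parts.scheme != "wss":
        raise ValueError("refusing non-TLS WebSocket URL: %r" % url)
    if not parts.hostname:
        raise ValueError("no host in URL: %r" % url)
    if parts.username or parts.password:
        raise ValueError("credentials embedded in the URL are not accepted")
    # wss:// defaults to port 443 and to the root path when none is given.
    return parts.hostname, parts.port or 443, parts.path or "/"


def run_client(url, realm):
    """Connect to the router at `url` over TLS and join `realm`."""
    host, port, path = parse_wss_url(url)
    # Imported lazily so the URL check above is usable without Autobahn.
    from autobahn.twisted.wamp import ApplicationRunner, ApplicationSession

    class HelloSession(ApplicationSession):  # hypothetical minimal session
        def onJoin(self, details):
            print("joined realm %s via wss://%s:%d%s"
                  % (details.realm, host, port, path))

    # The wss:// scheme is what selects TLS for the WebSocket transport;
    # no "tls" block is needed on the client side.
    ApplicationRunner(url, realm).run(HelloSession)


if __name__ == "__main__":
    # URL and realm as they appear in the config.json posted in this thread.
    run_client("wss://noctilucent.me:443/ws", "realm1")
```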

Mike Panetta

Sep 16, 2014, 11:09:03 AM
to autob...@googlegroups.com


On Saturday, September 13, 2014 5:38:27 AM UTC-4, Tobias Oberstein wrote:
> On 12.09.2014 19:33, Mike Panetta wrote:
> > Thanks for those links, but I already followed them.  The problem I am
> > having is with the client side python api, I can't get it to use TLS.
>
> Ah, sorry. I see.
>
> When using
>
> - autobahn.twisted.wamp.ApplicationRunner
> - autobahn.twisted.wamp.Application
>
> you can simply use a secure WebSocket URL and it will work, like
>
> wss://somehost.com:7777/somepath
>
> or
>
> wss://example.com

Thanks!  This worked perfectly!

> When you want your Crossbar hosted component to connect via TLS to a
> router, there are some bits we need to add
>
> https://github.com/crossbario/crossbar/issues/128

I'll keep an eye on this, thanks!


Thanks,
Mike