IMPORTANT: getUserMedia no longer works on non-secure websites (https://)


Mamadou DIOP

Dec 4, 2015, 9:03:54 PM
to doub...@googlegroups.com
Hello,
For information, starting with Chrome 47 it's no longer possible to use
getUserMedia on a non-secure website (http://*). You must use a secure
website (https://*). More info at https://goo.gl/rStTGz.
We've changed all our projects (conf-call, sipml5, webrtc2sip...) to use
https://. As you probably know, it's not allowed to initiate non-secure
WebSocket connections (ws://) from a secure website (https://). This
means your application will no longer work if you're not using a secure
WebSocket connection (wss://).
If you're using click2dial please regenerate your button.
In short: You *must* use a secure website for production. You can still
use http://localhost for testing.
Regards,
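
The two rules in the announcement above (getUserMedia needs a secure origin, and an https:// page cannot open ws://) written as a preflight check. This is an added example, not part of the original post or of sipML5; `isSecureOrigin`, `checkDeployment` and the sample URLs are hypothetical.

```javascript
// Added example, not sipML5 code. Function names and URLs are hypothetical.

// True for origins where Chrome 47+ still allows getUserMedia():
// https: pages, plus loopback hosts used for local testing.
function isSecureOrigin(url) {
  const host = url.hostname;
  const loopback =
    host === 'localhost' ||
    host.endsWith('.localhost') ||
    host === '[::1]' ||
    /^127(\.\d{1,3}){3}$/.test(host);
  return url.protocol === 'https:' || loopback;
}

// Returns the problems a page/WebSocket pair will hit, plus the host name
// the server certificate has to match when wss:// is used.
function checkDeployment(pageUrl, wsUrl) {
  const page = new URL(pageUrl);
  const ws = new URL(wsUrl);
  const problems = [];

  if (ws.protocol !== 'ws:' && ws.protocol !== 'wss:') {
    problems.push('bad-ws-scheme');
  }
  if (!isSecureOrigin(page)) {
    problems.push('insecure-origin'); // getUserMedia() will be refused
  }
  // Conservative rule from the thread: any ws:// URL on an https:// page
  // is treated as blocked mixed content.
  if (page.protocol === 'https:' && ws.protocol === 'ws:') {
    problems.push('mixed-content');
  }
  const certHost = ws.protocol === 'wss:' ? ws.hostname : null;
  return { problems, certHost };
}

// Constructed sample deployments (documentation-only host and address).
const samples = [
  ['http://sip.example.test/call.htm', 'ws://192.0.2.10:10061'],
  ['https://sip.example.test/call.htm', 'ws://192.0.2.10:10061'],
  ['https://sip.example.test/call.htm', 'wss://192.0.2.10:10062'],
  ['http://localhost/call.htm', 'ws://localhost:10061'],
];
for (const [page, ws] of samples) {
  const r = checkDeployment(page, ws);
  console.log(page, ws, r.problems.join(',') || 'ok', r.certHost || '-');
}
```

The `certHost` value is the name the WebSocket server's certificate must be issued for; a mismatch there shows up in the browser as a failed wss:// handshake rather than as a getUserMedia error.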

Abhisek Panda

Dec 18, 2015, 1:24:58 AM
to discuss-doubango
Hi Mamadou,
Does this mean that using the RTCWeb Breaker module or Secure WebSocket transport (WSS) is now mandatory? Earlier we were not supporting WSS, so it was a non-secure website (http://*) and calls were working fine, but as per your notice I see that my call is working with Chrome version 46 but not with version 47. Can you guide me on what the options are for handling this issue? Or is it a must now to use the RTCWeb Breaker module or Secure WebSocket transport (WSS), and without using these modules I won't be able to call on Chrome 47?

Thanks & Regards,
Abhisek

Mamadou DIOP

Dec 18, 2015, 2:34:22 PM
to doub...@googlegroups.com


On 12/18/2015 7:24 AM, Abhisek Panda wrote:
> Hi Mamadou,
> Does this mean that using the RTCWeb Breaker module or Secure WebSocket transport (WSS) is now mandatory? Earlier we were not supporting WSS, so it was a non-secure website (http://*) and calls were working fine, but as per your notice I see that my call is working with Chrome version 46 but not with version 47. Can you guide me on what the options are for handling this issue? Or is it a must now to use the RTCWeb Breaker module or Secure WebSocket transport (WSS), and without using these modules I won't be able to call on Chrome 47?

This is a must, not an issue.

> Thanks & Regards,
> Abhisek



mark mirasol

Dec 29, 2015, 10:34:54 PM
to discuss-doubango
Hello Mamadou,

We are currently doing a new setup and even our self hosted copy of sipml5 cannot connect to sip proxy.
We are getting 401 unauthorized on registration to the proxy server.

Could this be the cause of the issue?  Please advise.  Thanks.

mark mirasol

Dec 30, 2015, 12:59:19 AM
to discuss-doubango
If we try to connect to ws://209.133.200.178:10061, we can connect but we are getting the error: 
getUserMedia() no longer works on insecure origins. 

If we try to connect to wss://209.133.200.178:10062, we get the error:
WebSocket connection to 'wss://209.133.200.178:10062/' failed: WebSocket opening handshake was canceled

But webrtc2sip seems to be listening on the port; please see the attached screenshots.
sipml5-expert-https.png
sipml5-https.png

Mamadou DIOP

Dec 30, 2015, 10:31:59 AM
to doub...@googlegroups.com


On 12/30/2015 6:59 AM, mark mirasol wrote:
> If we try to connect to ws://209.133.200.178:10061, we can connect but we are getting the error:
> getUserMedia() no longer works on insecure origins.
>
> If we try to connect to wss://209.133.200.178:10062, we get the error:
> WebSocket connection to 'wss://209.133.200.178:10062/' failed: WebSocket opening handshake was canceled

You're probably using self-signed certs. Open https://209.133.200.178:10062/ in Chrome and accept the warning message about the security issue, then try again in the same tab.

mark mirasol

Dec 30, 2015, 7:24:22 PM
to discuss-doubango
Thank you.  Yes, we are.  I followed these links to generate the certificates.

I tried that but it seems that chrome thinks these certificates are malicious.  I'm getting this error.

Attackers might be trying to steal your information from 209.133.200.178 (for example, passwords, messages, or credit cards).

 
NET::ERR_CERT_INVALID

Subject: Internet Widgits Pty Ltd

Issuer: Internet Widgits Pty Ltd

Expires on: Dec 22, 2025

Current date: Dec 31, 2015


I did a google search for the certificate subject.  Other people also report that the certificates are considered malicious.
So is the solution to get an ssl certificate from somewhere and use those in the config instead?

Abhisek Panda

Dec 30, 2015, 9:09:48 PM
to discuss-doubango
Don't use self-signed certificates. It's not going to work out with self-signed; instead you need to buy trusted certificates. It costs £20, I guess.

mark mirasol

Dec 30, 2015, 10:21:01 PM
to discuss-doubango
Thank you, Mamadou and Abhisek Panda.

I'm using Google Chrome Version 47.0.2526.106 m.  
I do not know where to accept the warning message.  
If I go to https://209.133.200.178:10062/, there's no button to proceed unsafely.
The message was similar to this.

Abhisek, what troubles did you encounter with self-signed certificates?  Please share.

What I learned is that the default setting for common name needs to match your url.

Before, I left all the settings as default, following the links below.
So I redid the steps and was able to get it working by exporting the root certificate authority and importing it to windows.
After that, it worked.

ron....@entropysolution.com

Jan 6, 2016, 11:15:07 PM
to discuss-doubango
Hi Mark,

Would you mind sharing your ssl-certificate configuration under the config.xml file? We are also having issues with self signed certificates.

BR,
Ron

mark mirasol

Jan 7, 2016, 12:54:43 AM
to doub...@googlegroups.com
Hi Ron,

The only thing I did different was use our public ip when it asks for common name.
Common name needs to either match your domain, fqdn or ip address.
Everything else is the same.

Regards,
Mark


ron....@entropysolution.com

Jan 7, 2016, 1:18:52 AM
to discuss-doubango
Hi Mark,

Thank you for the info.

Our ssl-certificates config in config.xml shows like this:

<ssl-certificates>
     /home/cg/myca/private/key.ca.cg.pem
     /home/cg/myca/certs/crt.ca.cg.pem
     *;
     no
</ssl-certificates>

Is this complete or did we miss something? No errors received upon restarting the webrtc2sip server. We only have an issue in the registration part.

BR,
Ron

mark mirasol

Jan 7, 2016, 1:29:12 AM
to discuss-doubango
Ron, please share your chrome javascript console / webrtc2sip log so everyone can help you.  
I am not an expert in vici or webrtc2sip.  Credit goes to navaismo and mamadou for the great support.  
I will share what I have learned in hopes that it can help but navaismo and mamadou are the experts, not me.

mark mirasol

Jan 7, 2016, 1:31:45 AM
to discuss-doubango
I noticed your config file is missing semicolons at the end of the lines.
Here is the guide I followed to setup our instance.

ron....@entropysolution.com

Jan 7, 2016, 3:03:09 AM
to discuss-doubango
Thanks for the info mark. 

Mamadou already told us about the issue regarding the self-signed certificates on this thread "https://groups.google.com/forum/#!topic/doubango/7eVRYMW7IZY". 

I'm checking other workarounds regarding the self-signed certificates. Since you were able to make it work, I was hoping you could share what you have.

Regarding the missing semicolon, we actually have those at the end of each certificate address. I think I just forgot to type it here. :)

<ssl-certificates>
     /home/cg/myca/private/key.ca.cg.pem;
     /home/cg/myca/certs/crt.ca.cg.pem;
     *;
     no
</ssl-certificates>

BR,
Ron

mark mirasol

Jan 7, 2016, 3:40:05 AM
to doub...@googlegroups.com

Oh ok. The only other thing I did was import the ca root certificate into my browser. This made the browser identify the certificate directly.

mark mirasol

Jan 7, 2016, 3:42:23 AM
to doub...@googlegroups.com

The certificate I imported is the one generated from this link.
http://codeghar.wordpress.com/2013/04/16/create-private-certificate-authority-on-linux/

ron....@entropysolution.com

Jan 7, 2016, 4:09:01 AM
to discuss-doubango
Thanks mark for the help. :)

Much appreciated. I restarted Chrome after putting the CA root certificate into my browser. Now it returned a FORBIDDEN error. I think we are now on the right track. ;)

Thanks again.

BR,
Ron

Abhisek Panda

Jan 7, 2016, 4:28:39 AM
to discuss-doubango
Guys, I've tried the below and my signalling is happening; audio is also going.
You can create the SSL certificate by using Comodo.

It is easy to create and it is created properly as well. It takes very little time to get created. Those crt and bundle files can be used by Apache and by the config.xml of webrtc2sip.
In case, you can follow the below link as well, but go for the Comodo solution.

mark mirasol

Jan 7, 2016, 5:17:13 AM
to doub...@googlegroups.com

If you're getting that, click the padlock on the URL box and see if your certificate can identify the site. At first mine said the URL didn't match; that's what told me that something was wrong with my certificate.

But if it's red and it says the certificate has identified the site but there's a problem with public verification (forgot the exact term) or something, then you should be good to go.

mark mirasol

Jan 7, 2016, 5:17:49 AM
to doub...@googlegroups.com

Thanks for sharing, Abhisek.

mark mirasol

Jan 7, 2016, 5:40:59 AM
to doub...@googlegroups.com

Correction: the term was certificate transparency. This is the last error shown on the padlock, which we chose to ignore because our server is not sending any information to any public db for identification.

Gilbert Arias

Jul 10, 2016, 1:13:09 PM
to discuss-doubango
Hello, I have added an SSL cert to my website but it is still not working: https://www.infrasistemas.com.uy/

What should I do to fix the clicktocall button?