I have a website on example.com, and a WebSocket server on example-websocket-server.com.

Each has an SSL certificate so that I can access them over https://.

I am using the websocket server as a websocket server for all the other websites, including example.com (there are more websites). However, the wss:// connection fails (ws:// works).

The websocket server uses Laravel-Websocket as the server and it asks for a path to the PEM certificate: https://beyondco.de/docs/laravel-websockets/basic-usage/ssl#configuration:

/*
 * Path to local certificate file on filesystem. It must be a PEM encoded file which
 * contains your certificate and private key. It can optionally contain the
 * certificate chain of issuers. The private key also may be contained
 * in a separate file specified by local_pk.
 */

So for that PEM certificate I used the same certificate as the https:// certificate I am using on IIS.

However, I have a few issues: the certificate I am using on IIS was a .pfx file, with a given password string.

In order to create the PEM file used for the websocket server's wss connection, I first exported the .pfx to a PKCS7 file (.p7b), and then used OpenSSL to convert it to a .cer file. When I change the extension from .cer to .pem, the file content looks like this:

-----BEGIN PKCS7-----
[..long string..]
-----END PKCS7-----

(I tried using the file both as a .cer and .pem just in case)

But now the wss:// connection fails, and there is no debug information, so I have no idea what the cause is. In my case there can be multiple causes:

  1. I am using the wrong certificate
  2. The conversion I did from the .pfx to the .cer/.pem is wrong
  3. There is a cross-origin restriction on my app side (Laravel) and that's the problem, because the websockets server and the website are on different URLs (but less likely because it works with ws)
  4. Some configuration for WSS in IIS (although the normal ws:// connection worked)
  5. PKCS7 is not compatible and I need PKCS12?

Or something else I have not thought of yet.
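
An added example, not part of the original question: the quoted configuration comment asks for a PEM file holding the certificate and private key, while a PKCS#7 (.p7b) container carries certificates only. This POSIX shell check classifies a file by its PEM block labels; the function names, return codes and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a file by its PEM block labels to see whether it
# fits the quoted local_cert description (certificate plus private key).
# Return codes are this example's own convention:
#   0 certificate and private key present
#   1 no usable PEM blocks (binary DER/.pfx, empty file, other labels)
#   2 PKCS7 container: holds certificates only, never a private key
#   3 certificate only: the key would have to come from local_pk
#   4 private key only: the certificate is missing

pem_labels() {
    # Print the label of each "-----BEGIN <label>-----" line; tolerates CRLF.
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

check_local_cert() {
    clc_labels=$(pem_labels "$1")
    [ -n "$clc_labels" ] || { echo "$1: no PEM blocks"; return 1; }
    if printf '%s\n' "$clc_labels" | grep -qx 'PKCS7'; then
        echo "$1: PKCS7 container, no private key inside"; return 2
    fi
    clc_cert=0; clc_key=0
    printf '%s\n' "$clc_labels" | grep -qx 'CERTIFICATE' && clc_cert=1
    printf '%s\n' "$clc_labels" |
        grep -Eqx '(RSA |EC |ENCRYPTED )?PRIVATE KEY' && clc_key=1
    case "$clc_cert$clc_key" in
        11) echo "$1: certificate and private key present"; return 0 ;;
        10) echo "$1: certificate only, private key missing"; return 3 ;;
        01) echo "$1: private key only, certificate missing"; return 4 ;;
        *)  echo "$1: unrecognised PEM blocks: $clc_labels"; return 1 ;;
    esac
}

# Constructed sample files (placeholder bodies, not real key material).
demo_dir=$(mktemp -d)
printf '%s\r\n' '-----BEGIN PKCS7-----' 'AAAA' '-----END PKCS7-----' \
    > "$demo_dir/from_p7b.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' \
    > "$demo_dir/from_pfx.pem"
check_local_cert "$demo_dir/from_p7b.pem" || true
check_local_cert "$demo_dir/from_pfx.pem" || true
```

A file that passes can be produced directly from the .pfx, which does hold the key, with `openssl pkcs12 -in site.pfx -out site.pem -nodes` (file names are placeholders). The output contains the unencrypted private key, so restrict its file permissions.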