I have a website on example.com
, and a WebSocket server on example-websocket-server.com
.
Each have an SSL certificate so that I can access them from https://
I am using the websocket server as a websocket server for all the other websites, including example.com
(there are more websites). However the wss://
connection fails (ws://
works).
The websocket server uses Laravel-Websocket as the server and it asks for a path to the PEM certificate: https://beyondco.de/docs/laravel-websockets/basic-usage/ssl#configuration:
/* * Path to local certificate file on filesystem. It must be a PEM encoded file which * contains your certificate and private key. It can optionally contain the * certificate chain of issuers. The private key also may be contained * in a separate file specified by local_pk. */
So for that PEM certificate I used the same certificate as the https://
certificate I am using on IIS
However I have a few issues - the certificate I am using on IIS was a .pfx
file, with a given password string.
In order to create the PEM file used for the websocket server's wss
connection, I first exported the .pfx
to the PKCS7 file (.p7b
), and then used OpenSSL to convert it to a .cer
file. When I change the extension from .cer
to .pem
the file content look like that:
-----BEGIN PKCS7-----
[..long string..]
-----END PKCS7-----
(I tried using the file both as a .cer
and .pem
just in case)
But now the wss://
fails, and there is no debug information so I have no idea what is the cause. And in my case it can be multiple:
- I am using the wrong certificate
- The conversion I did from the
.pfx
to the.cer
/.pem
is wrong - There is cross-origin restriction on my app side (Laravel) and that's the problem because the websockets server and the website are on different URLs (but less likely because it works with
ws
) - Some configuration for WSS in IIS (Although normal
ws://
connection worked) - PKCS7 is not compatible and I need PKCS12?
Or other thing I did not think of yet