websocket – 连接建立错误:net::ERR_INSECURE_RESPONSE

huangapple go评论82阅读模式
英文:

websocket - Error in connection establishment: net::ERR_INSECURE_RESPONSE

问题

无法连接到 WebSocket 服务器。

我使用与 nginx 相同的 private.keypublic.crt

该证书是自签名的,但在通过 nginx 的 HTTPS 访问网站的其余部分时正常工作。

当取消注释带有 http.ListenAndServe() 的行时,WebSocket 服务器可以使用 ws:// 进行工作。

package main

import (
	"flag"
	"fmt"
	"log"
	"net/http"
)

const PORT uint = 8000

func main(){
	host := parse_flags()
	
	hub := newHub()
	go hub.run()
	
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		serve(hub, w, r)
	})
	
	server_host := fmt.Sprintf("%s:%d", host, PORT)
	
	log.Println("Server listening on:", server_host)
	
	err := http.ListenAndServeTLS(server_host, fmt.Sprintf("/var/ini/ssl/%s/public.crt", host), fmt.Sprintf("/var/ini/ssl/%s/private.key", host), nil)
	//err := http.ListenAndServe(server_host, nil)
	if err != nil {
		log.Fatal("ListenAndServe:", err)
	}
}
英文:

Can't connect to websocket server..

I use the exact same private.key and public.crt that I use with nginx

The cert is self-signed but works fine with the rest of the website over HTTPS via nginx

The websocket server works when using ws:// when the line with http.ListenAndServe() is uncommented

package main

import (
	"flag"
	"fmt"
	"log"
	"net/http"
)

const PORT uint = 8000

func main(){
	host := parse_flags()
	
	hub := newHub()
	go hub.run()
	
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		serve(hub, w, r)
	})
	
	server_host := fmt.Sprintf("%s:%d", host, PORT)
	
	log.Println("Server listening on:", server_host)
	
	err := http.ListenAndServeTLS(server_host, fmt.Sprintf("/var/ini/ssl/%s/public.crt", host), fmt.Sprintf("/var/ini/ssl/%s/private.key", host), nil)
	//err := http.ListenAndServe(server_host, nil)
	if err != nil {
		log.Fatal("ListenAndServe:", err)
	}
}

答案1

得分: 9

我遇到了同样的错误,但我不知道你的URL。

我在HTTPS中使用了https://localhost:port,在WS中使用了wss://127.0.0.1:port
所以我必须接受https://localhosthttps://127.0.0.1的证书(仅限于Chrome浏览器)。

英文:

I had the same error, but I don't know your urls.

I used https://localhost:port for HTTPS and wss://127.0.0.1:port for WS.
So I had to accept the cert for https://localhost and https://127.0.0.1 (only in Chrome).

答案2

得分: 7

最新版本的Chrome似乎拒绝使用SHA-1证书,认为其不安全。你可能需要转向使用SHA-2证书。

英文:

It looks like newest version of Chrome now rejects SHA-1 certs as being insecure. You probably need to move to SHA-2 certs.

答案3

得分: 1

我之前一直在为这个问题和其他问题苦苦挣扎,直到我意识到我完全在错误的地方寻找我的密钥文件!

首先,证书和密钥都需要是.PEM文件。我正在使用Let's Encrypt,所以对我来说找到正确的位置(即_/etc/letsencrypt/live/domainName_)稍微容易一些。

如果你像我一样使用向导安装SSL证书,那么你需要对证书提供商进行一些调查。只需查找他们安装密钥的位置,并找到看起来适合作为“cert”和“key”的.PEM文件。

英文:

I was struggling with this issue and many others until I realized I was looking in the wrong place for my key files all together!

First off, the cert and key both need to be .PEM files. I'm using Let's Encrypt, so it was a little easier for me to find the right place (which was /etc/letsencrypt/live/domainName).

If you used a wizard to install your SSL certificate like I did, then you'll need to do a little research on the certificate provider. Just look up where your keys are installed by them and find the .PEM files that seem appropriate for a "cert" and "key".

huangapple
  • 本文由 发表于 2017年3月9日 23:20:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/42699051.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定