英文:
websocket - Error in connection establishment: net::ERR_INSECURE_RESPONSE
问题
无法连接到 WebSocket 服务器。
我使用与 nginx 相同的 private.key 和 public.crt。
该证书是自签名的,但在通过 nginx 的 HTTPS 访问网站的其余部分时正常工作。
当取消注释带有 http.ListenAndServe() 的行时,WebSocket 服务器可以使用 ws:// 进行工作。
package main
import (
"flag"
"fmt"
"log"
"net/http"
)
const PORT uint = 8000
func main(){
host := parse_flags()
hub := newHub()
go hub.run()
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
serve(hub, w, r)
})
server_host := fmt.Sprintf("%s:%d", host, PORT)
log.Println("Server listening on:", server_host)
err := http.ListenAndServeTLS(server_host, fmt.Sprintf("/var/ini/ssl/%s/public.crt", host), fmt.Sprintf("/var/ini/ssl/%s/private.key", host), nil)
//err := http.ListenAndServe(server_host, nil)
if err != nil {
log.Fatal("ListenAndServe:", err)
}
}
英文:
Can't connect to websocket server..
I use the exact same private.key and public.crt that I use with nginx
The cert is self-signed but works fine with the rest of the website over HTTPS via nginx
The websocket server works when using ws:// when the line with http.ListenAndServe() is uncommented
package main
import (
"flag"
"fmt"
"log"
"net/http"
)
const PORT uint = 8000
func main(){
host := parse_flags()
hub := newHub()
go hub.run()
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
serve(hub, w, r)
})
server_host := fmt.Sprintf("%s:%d", host, PORT)
log.Println("Server listening on:", server_host)
err := http.ListenAndServeTLS(server_host, fmt.Sprintf("/var/ini/ssl/%s/public.crt", host), fmt.Sprintf("/var/ini/ssl/%s/private.key", host), nil)
//err := http.ListenAndServe(server_host, nil)
if err != nil {
log.Fatal("ListenAndServe:", err)
}
}
答案1
得分: 9
我遇到了同样的错误,但我不知道你的URL。
我在HTTPS中使用了https://localhost:port,在WS中使用了wss://127.0.0.1:port。
所以我必须接受https://localhost和https://127.0.0.1的证书(仅限于Chrome浏览器)。
英文:
I had the same error, but I don't know your urls.
I used https://localhost:port for HTTPS and wss://127.0.0.1:port for WS.
So I had to accept the cert for https://localhost and https://127.0.0.1 (only in Chrome).
答案2
得分: 7
最新版本的Chrome似乎拒绝使用SHA-1证书,认为其不安全。你可能需要转向使用SHA-2证书。
英文:
It looks like newest version of Chrome now rejects SHA-1 certs as being insecure. You probably need to move to SHA-2 certs.
答案3
得分: 1
我之前一直在为这个问题和其他问题苦苦挣扎,直到我意识到我完全在错误的地方寻找我的密钥文件!
首先,证书和密钥都需要是.PEM文件。我正在使用Let's Encrypt,所以对我来说找到正确的位置(即_/etc/letsencrypt/live/domainName_)稍微容易一些。
如果你像我一样使用向导安装SSL证书,那么你需要对证书提供商进行一些调查。只需查找他们安装密钥的位置,并找到看起来适合作为“cert”和“key”的.PEM文件。
英文:
I was struggling with this issue and many others until I realized I was looking in the wrong place for my key files all together!
First off, the cert and key both need to be .PEM files. I'm using Let's Encrypt, so it was a little easier for me to find the right place (which was /etc/letsencrypt/live/domainName).
If you used a wizard to install your SSL certificate like I did, then you'll need to do a little research on the certificate provider. Just look up where your keys are installed by them and find the .PEM files that seem appropriate for a "cert" and "key".
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论