Comments (9)
I've had this happen on windows before, in the php.ini file under curl make sure the curl.cainfo = ... is set
https://curl.se/docs/caextract.html
from soketi.
Tom Scott explained about the CA on Computerphile a while ago.
To sum it up, CA are just certificates of third parties like Google, Trust Global, or other parties that agreed with Microsoft or Linux distributions to share their certificates with devices. In fact, you can look at your device's Trusted Root Certification Authorities
and see there are from certSIGN
, Comodo
, GlobalSign
(these are mine, but they can differ).
Now, not having them is going to be a pain because you'd probably not be able to access the internet over SSL. These certificates are being renewed automatically and they can issue more CAs for other parties (like Let's Encrypt, for example), and this thing can chain more - Let's Encrypt can issue more CAs if they want to (and if their CA allows them), but you're probably using Let's Encrypt for normal Certificates issued for a specific website.
Example: certSIGN ROOT CA (CA) -> Some Other Party (CA) -> Let's Encrypt (CA) -> Your https:// certificate (CERT)
If you have Let's Encrypt CA in your device but don't have the first two, you'll get invalidated because they cannot be trusted (that's why they're called Trust Chains). Some Other Party (CA) must not provide a CA bundle because most obviously certSIGN ROOT CA
is already trusted by most devices by default, but for Let's Encrypt, they need to provide Some Other Party's CA because most devices might not have it.
from soketi.
Just figured out that uWebSockets.js actually has a path for CA but it was undocumented 😓: #285
from soketi.
Server running on windows?
from soketi.
The server is running on Debian 9.
from soketi.
Thanks for the info. Yeah, I also saw that and tried that recommendation, but it's the same results.
from soketi.
It looks like I've got it working, so I just wanted to leave an update to share my findings and thoughts here in case anyone else runs into the same type of issue. Or if I'm misunderstanding something, someone can also correct me.
I'm no expert when it comes to this topic of SSL, so I just did a little more reading on what certain files actually are. It started with the ca-bundle.
CA Bundle is the file that contains root and intermediate certificates. Together with your server certificate (issued specifically for your domain), these files complete the SSL chain of trust. The chain is required to improve the compatibility of the certificates with web browsers, email clients, and mobile devices.
From what I understood of the issue, our Laravel app couldn't verify the SSL certificate I used with soketi. The certificate I originally used was only the primary certificate, so it didn't include the intermediate or root certificates. I figured that since the certificate used wasn't the full chain, that was causing an issue. So after reading over what the ca-bundle is again, it made sense as to why I needed it. And in this case, I figured I'd just try combining the primary certificate and then the ca-bundle, in that order since it should end with the root certificate, so that I would have the full chain. And using this combined file, that got it working.
Just some extra details, but our certificates are from DigiCert and they're PEM encoded.
Now, if I were to run curl https://my.site.com:6001
, I'll get OK
. I'll need to play around with soketi some more, but it seems pretty solid so far.
from soketi.
Thanks! I appreciate your reply and explanation.
from soketi.
Surprise. Good to know!
from soketi.
Related Issues (20)
- [REQUEST]: App ID & Secret HOT 4
- [BUG] Soketi Does Not Connect HOT 1
- [BUG] Soketi not starting on nodejs major v20 HOT 10
- [BUG] Duplicate messages being sent to client HOT 2
- [REQUEST] Consider using DragonflyDB and/or KeyDB instead of Redis HOT 2
- [REQUEST] Force Dockerfile.debian to VERSION 16 HOT 2
- EVENT_MAX_SIZE_IN_KB is not working in docker soketi HOT 1
- [BUG] queue redis driver HOT 2
- [REQUEST] Add Support for json export of metrics and usage HOT 1
- [BUG] I can't seem to install soketi in pnpm v8.12 and node v20 HOT 1
- Can't deploy it with ssl and nginx HOT 3
- soketi can not working in Docker ? HOT 5
- https://dash.soketi.app/register seems to be down HOT 7
- [REQUEST] Metrics direct logging? HOT 1
- Can't stablish ssl connection with soketi and laravel HOT 3
- Typo in docs HOT 2
- [BUG] Same port bug and or bug behind kubernetes LB? HOT 2
- [REQUEST] Statistic Collection for Dashboard project (link inside)
- soketi exec_curl error: "OpenSSL/1.1.1u: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure"
- [DOCUMENTATION] Docker tag 1-16-alpine does not work slash does not exist HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from soketi.