Simple-WebSocket-Server

Client example for two way ssl authentication / tls with custom client certificate

Open nickxpx opened this issue 11 years ago • 5 comments

I want to connect to a server with a custom client certificate SSL file. How can I do this with your lib? Thank you.

nickxpx avatar Oct 16 '14 11:10 nickxpx

If I understand you correctly, you want to add custom (trusted) certification authorities from a file.

Try the latest version. I added the possibility to use custom certification authorities here; however, it is not tested. Try for instance with:
SocketClient<WSS> client("some.wss.server.com", "ca.pem");
The certification authorities have to be in PEM format.

Please give me feedback if this works or not:)

eidheim avatar Oct 17 '14 11:10 eidheim

I have studied this issue a bit more. You want to use a certificate for client authentication? In this case you have two files: the certificate and a private key file?

eidheim avatar Oct 17 '14 19:10 eidheim

Try the latest version now with, for instance:
SocketClient<WSS> client("some.wss.server.com", true, "ca.pem", "client.crt", "client.key");

If you do not need a custom certification authority file:
SocketClient<WSS> client("some.wss.server.com", true, "", "client.crt", "client.key");

Again this is not tested, and feedback would be appreciated.

eidheim avatar Oct 17 '14 19:10 eidheim

I will test this later; first I want to try this implementation in golang.
I have the CA certificate: ca.crt and ca.key.
I have server keys: server.crt and server.key.
And I have client keys: client.crt, client.key and ca.crt.
For the browser I can use *.p12 or *.pfx keys.
Here is an example for golang: http://www.hydrogen18.com/blog/your-own-pki-tls-golang.html

"
1. Create a Certificate Authority. This is commonly called a "CA".
2. Distribute the root certificate to all clients and servers.
3. Generate a server certificate for the server.
4. Use the CA to sign the server certificate.
5. Generate a client certificate for the client.
6. Use the CA to sign the client certificate.
7. Configure the server to trust the CA to authenticate clients.
8. Configure the client to trust the CA to authenticate servers.
"

nickxpx avatar Oct 18 '14 02:10 nickxpx
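The eight steps quoted above, carried out in memory with Go's standard library; this is an added example, not code from the thread, the linked blog post or the library. The host names, the CA name and the function names `issue` and `mutualTLS` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue makes a key pair and a certificate for cn signed by ca; with ca == nil it self-signs a CA.
func issue(cn string, ca *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // only a broken system RNG can make this fail
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: ca == nil}
	if ca == nil { // step 1: the CA signs itself and may only sign certificates
		t.KeyUsage, ca = x509.KeyUsageCertSign, &tls.Certificate{PrivateKey: key, Leaf: t}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca.Leaf, pub, ca.PrivateKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // parsing what was just created cannot fail
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// mutualTLS returns the server's handshake result for a client with a CA-signed certificate and for one without.
func mutualTLS() (withCert, withoutCert error) {
	ca := issue("constructed-ca", nil)
	pool := x509.NewCertPool() // step 2: both sides trust only this CA
	pool.AddCert(ca.Leaf)
	srv := &tls.Config{Certificates: []tls.Certificate{issue("server.example", &ca)}, // steps 3-4
		ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert} // step 7
	try := func(certs ...tls.Certificate) error {
		a, b := net.Pipe()
		defer a.Close()
		defer b.Close()
		cli := &tls.Config{RootCAs: pool, ServerName: "server.example", Certificates: certs} // step 8
		go tls.Client(b, cli).Read(make([]byte, 1)) // Read handshakes, then absorbs tickets or the alert
		return tls.Server(a, srv).Handshake()
	}
	return try(issue("client.example", &ca)), try() // steps 5-6, then a client with no certificate
}

func main() { fmt.Println(mutualTLS()) }
```

On the client side, `RootCAs` and `Certificates` play the role of the ca.pem and client.crt/client.key arguments in the constructor calls in this thread.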

I decided to move the pem-filename parameter to the end of the SocketClient constructor so it's similar to the SocketServer constructor:
SocketClient<WSS> client("some.wss.server.com", true, "client.crt", "client.key", "ca.pem");

eidheim avatar Nov 01 '14 17:11 eidheim