node-spdyproxy icon indicating copy to clipboard operation
node-spdyproxy copied to clipboard

Published 20 hours ago verified publisher icon igrigorik

getting confused by signed ssl

Open arminmacx opened this issue 9 years ago • 4 comments

Hi again,

And sorry for my post, I get my signed ssl from startssl and they gave me 3 file 1 for ssl.crt and 1 for root.pem and 1 for intermediate.pem and after that i put them on my server and start the spdy with my generated key which i used for generating csr for startssl and ssl.crt for my sll one and my server run but i couldn't connect to the server at all. what am i missing here. please help me

arminmacx avatar Mar 08 '15 09:03 arminmacx

@arminmacx hard to say without more detailed debug information. Check out chrome://net-internals/#sockets for the proxy connections and drill down into the socket to see the error messages. My guess is, your certificate validation is failing because the hostname is not correct, or you're not sending the correct certificate chain.

igrigorik avatar Mar 09 '15 22:03 igrigorik

@igrigorik thanks for you answer, please correct me if i'm wrong i create csr file using open ssl and copy paste its content to startssl certificate request and then i fill my domain name and they send me an activation then they generating me the crt file and intermediate and root file both in pem format then i send the crt file to my server then use my private key which i generate during creating csr file as my key and my crt file as certificate to start spdyproxy and it shows the spdyproxy working on port 44300 but on my client in my home i try to connect but nothing happend i checked the socket section in my chrome but there aren't any error. before this when i create self signed certificate i can connect to my server without any problem now i cant done it either way. it is why i said i really confuse now :D. so can you helping me to do this i need to do this to secure my connection and bypass censoreship

arminmacx avatar Mar 10 '15 10:03 arminmacx

@arminmacx a good walkthrough for StartSSL workflow: https://konklone.com/post/switch-to-https-now-for-free - in particular, check out the "installation" section. Note that for spdyproxy you do have to concat the intermediate cert in your "key" file, just like nginx..

igrigorik avatar Mar 10 '15 16:03 igrigorik

Ok i did what konklone said and i register new ssl and put it on my server again i cant connect to server. one very important thing is is it need to send myself one of certificate please don't be mad its correct and if yes which certificate need i used on my client. Again don't be mad at me if i didn't it right ok :D

arminmacx avatar Mar 11 '15 16:03 arminmacx