My main objective is to maintain TLS on a secure website. I'm currently running ws on an https site, and the "SSL Lock" in Chrome is appearing red/broken because I am using a non-authenticated source from an https website. I need to secure the WebSocket so that the SSL Lock is preserved.

I've been searching the web for an example of how to implement wss in Java (server) and JavaScript (client), but I can't seem to find anything that I can use. I've seen a few examples of how to create an SSL Server (I do have the necessary certificates for a TLS/SSL connection), but I'm not sure how to translate this to wss.

If anyone could provide an example on how to use wss from Java, I would greatly appreciate it.

skamazin
  • What exactly are you asking here? If you are using a cert that does not link back to a CA trusted by your client platform you'll never get the green happiness in the browser bar no matter what framework/lib you use to implement your WebSocket with. – JJF Apr 07 '16 at 00:19

1 Answer

A secure websocket can use a standard SSL certificate for a web server. You could do this in, for example, Tomcat or use Apache with mod_proxy_wstunnel between the browser and your Java server.

stdunbar
  • This seems to be the direction I want to go in. Do you have any resources for mod_proxy_wstunnel? I'm new to Apache =/ – skamazin Apr 07 '16 at 20:27
  • You'll want to take a look at the docs - https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html - to get an idea of how to get started. I'd personally start without SSL and then move to get a real SSL certificate for your Apache instance. Your setup will be browser --> Apache --> Tomcat (or other server). – stdunbar Apr 07 '16 at 21:06
  • I already checked out the docs, but I couldn't get much from them. I tried `sudo yum install mod_proxy_wstunnel` in the Amazon EC2 instance, but it has no packages to install. I already have SSL set up for normal HTTPS, I just need it to apply for WebSockets, too. To my knowledge, I need the package before I can even continue, right? – skamazin Apr 09 '16 at 15:42
  • So after a little digging the first issue is that Amazon EC2's ("Amazon Linux AMI 2016.03.0") come with Apache 2.2 and mod_proxy_wstunnel is an Apache 2.4 thing. It might be easier to forget Apache and do this in Tomcat - it sounds like you've already got that working with a self-signed certificate. Tomcat has docs on this (http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html) that could help too. Otherwise you'll need to move to the Ubuntu EC2 AMI which does have Apache 2.4. – stdunbar Apr 10 '16 at 18:04
  • Could I `sudo yum install httpd24` to get Apache 2.4 on the EC2 box and then get mod_proxy_wstunnel, or would this ruin all the configs and SSL? – skamazin Apr 11 '16 at 01:39
  • I upgraded to Apache2.4 so I have the mod_proxy_wstunnel module. Which config files should I edit to get SSL to work on the WebSockets? I feel like I almost have the solution and I would really appreciate your help on finishing this. – skamazin Apr 17 '16 at 16:36
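
The browser --> Apache --> Java server layout described in the answer, as an added example that is not part of the original thread: an Apache 2.4 virtual host that terminates TLS with the site's existing certificate and tunnels WebSocket traffic to the backend through mod_proxy_wstunnel. The host name, certificate paths, module paths, backend port 8080 and the `/ws/` path are all assumed placeholders.

```apache
# Added example; every name, path and port below is a placeholder.

# mod_proxy_wstunnel depends on mod_proxy. On many distributions these
# LoadModule lines already exist in the packaged configuration and the
# module paths differ; do not load a module twice.
LoadModule proxy_module          modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

<VirtualHost *:443>
    ServerName www.example.com

    # TLS terminates here, using the same certificate and key that
    # already serve the HTTPS pages of the site (requires mod_ssl).
    SSLEngine on
    SSLCertificateFile    /path/to/site.crt
    SSLCertificateKeyFile /path/to/site.key

    # A request for wss://www.example.com/ws/... arrives encrypted,
    # is decrypted by Apache, and is forwarded as plain ws:// to the
    # Java WebSocket server. The backend is assumed to listen on
    # loopback only, so the unencrypted hop never leaves the machine.
    ProxyPass "/ws/" "ws://127.0.0.1:8080/ws/"
</VirtualHost>
```

With this in place the page opens `wss://www.example.com/ws/` rather than a `ws://` URL, so the WebSocket is served from the same authenticated origin as the rest of the HTTPS site.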