I have to admit I’m relatively new in dealing with this (SSL/TLS) in application code. So I don’t think I’m understanding something here.
This is a local onsite app, so I have hardware/sensors deployed that generate data streams that I collect with services running on the same host as Apache. Those services are written in Python and I would like to use Autobahn to push the data streams to my web clients via websockets.
The web application stuff is working, clients are synced via subscribing and publishing, but the python services are not able to connect to the Crossbar instance because the SSL is breaking.
I do not have any PEM files. Now I think I understand that PEM is just the .crt and .key files combined, in the correct format of course, correct?
I have the .crt and .key files stored in /etc/apache2/ssl/ so Apache can access them. My Crossbar config file is also pointed at those same files; actually I am using a symlink to keep the application code consistent across future file locations, but that shouldn’t be affecting anything.
Since these collector scripts I am writing are on the same host as everything else, I am pointing them to the same .crt as well. Here is the actual setup in the python script:
cert = crypto.load_certificate(
where …/…/tls/server.crt is the same exact file path that Crossbar is using for the .crt file as well as Apache.
So, maybe there is some misunderstanding on my part here, very likely. If I need a better crash course on SSL just tell me so.
On Saturday, October 21, 2017 at 5:17:03 PM UTC-7, Trendal Toews wrote:
I’m having trouble getting Crossbar to accept connections from python using Autobahn over SSL.
OS Ubuntu 16.04 / Mint 18
OpenSSL 1.0.2g Mar 2016
Ubuntu 16.04 is using signed certs from Comodo, Mint 18 (my test platform) is using LetsEncrypt certs. If I use the (Apache) self signed certs everything works.
The Python scripts are running on the host that Crossbar is running on, pointed to the same certs, and I verified that there are no permission issues; I can print the certs out in the Python scripts.
If this is a bug, I’d like to dig it out, if it’s something I’m doing wrong, I’d like to know because I’ve spent many hours on it already and have not reached any conclusion.
crossbar.router.protocol.WampWebSocketServerProtocol] connection accepted from peer tcp4:192.168.0.2:48922
crossbar.router.protocol.WampWebSocketServerProtocol] Connection made to tcp4:192.168.0.2:48922
crossbar.router.protocol.WampWebSocketServerProtocol] Connection to/from tcp4:192.168.0.2:48922 lost (<class 'OpenSSL.SSL.Error'>): [('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert unknown ca')])
crossbar.router.protocol.WampWebSocketServerProtocol] _connectionLost: [Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert unknown ca')]
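Added example, not part of the original posts and not Crossbar or Autobahn code: a standard-library check of which PEM blocks a .crt, .key or combined file contains, so you can see whether a file is already PEM and whether it holds one certificate or several. The function names and the sample data are hypothetical; the sample blocks are constructed placeholders, not real certificates or keys.

```python
import base64
import re

# RFC 7468 textual encoding: a label between BEGIN/END markers around base64 data.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def pem_blocks(text):
    """Return [(label, decoded_length)] for every well-formed PEM block in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # Strip line breaks, then reject anything that is not strict base64.
        der = base64.b64decode("".join(body.split()), validate=True)
        found.append((label, len(der)))
    return found


def describe(text):
    """Summarise what a .crt/.key/.pem file holds, by block label only."""
    labels = [label for label, _ in pem_blocks(text)]
    certs = labels.count("CERTIFICATE")
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
    keys = sum(1 for label in labels if label.endswith("PRIVATE KEY"))
    return {
        "is_pem": bool(labels),
        "certificates": certs,
        "private_keys": keys,
        "has_chain": certs > 1,  # more than the leaf certificate is present
    }


def _fake_block(label, payload):
    """Build a constructed PEM block; the payload is NOT a real cert or key."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample inputs (placeholders only).
SAMPLE_CRT = _fake_block("CERTIFICATE", b"constructed leaf")
SAMPLE_FULLCHAIN = SAMPLE_CRT + _fake_block("CERTIFICATE", b"constructed intermediate")
SAMPLE_COMBINED = SAMPLE_CRT + _fake_block("PRIVATE KEY", b"constructed key")

if __name__ == "__main__":
    for name in ("SAMPLE_CRT", "SAMPLE_FULLCHAIN", "SAMPLE_COMBINED"):
        print(name, describe(globals()[name]))
```

To inspect a real file, pass its contents as text, for example `describe(open(path).read())`; a binary DER file will not decode as text or will report `is_pem` as false.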