How do I config TLS for a client Endpoint?

#1

I’m trying to set up TLS so that I can get websockets to work through the corporate proxy, but I am having issues.

I have added the tls section to the config.json as is shown here: http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/ to both my router config (just used the default template) and modified the hello config similarly (only the certificate section) and I am getting the following error:

2014-09-06 00:24:03+0000 [Controller 29341] Exception: encountered unknown attribute ‘certificate’ in listening endpoint TLS configuration

I’m not sure what I am doing wrong. :frowning:

Version Info:
[mike@castellanus-lite hello]$ crossbar version

Crossbar.io software versions:

Crossbar.io : 0.9.7-6
Autobahn : 0.9.0
Twisted : 14.0.0-EPollReactor
Python : 2.7.5
UTF8 Validator : wsaccel-0.6.2
XOR Masker : wsaccel-0.6.2

Here is my hello config.json:

{
“controller”: {
},
“workers”: [
{
“type”: “container”,
“options”: {
“pythonpath”: ["…"]
},
“components”: [
{
“type”: “class”,
“classname”: “hello.hello.AppSession”,
“realm”: “realm1”,
“transport”: {
“type”: “websocket”,
“endpoint”: {
“type”: “tcp”,
“host”: “noctilucent.me”,
“port”: 443,
“tls”: {
“certificate”: “server_cert.pem”
}
},
“url”: “wss://noctilucent.me:443/ws”
}
}
]
}
]
}

Thanks for the help!

Mike

0 Likes

#2

Has nobody got TLS working with crossbar.io or Autobahn Python?

I was really hoping to use crossbar for a project, but it is a no go without TLS…

Mike

···

On Friday, September 5, 2014 8:29:49 PM UTC-4, Mike Panetta wrote:

I’m trying to set up TLS so that I can get websockets to work through the corporate proxy, but I am having issues.

I have added the tls section to the config.json as is shown here: http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/ to both my router config (just used the default template) and modified the hello config similarly (only the certificate section) and I am getting the following error:

2014-09-06 00:24:03+0000 [Controller 29341] Exception: encountered unknown attribute ‘certificate’ in listening endpoint TLS configuration

I’m not sure what I am doing wrong. :frowning:

Version Info:
[mike@castellanus-lite hello]$ crossbar version

Crossbar.io software versions:

Crossbar.io : 0.9.7-6
Autobahn : 0.9.0
Twisted : 14.0.0-EPollReactor
Python : 2.7.5
UTF8 Validator : wsaccel-0.6.2
XOR Masker : wsaccel-0.6.2

Here is my hello config.json:

{
“controller”: {
},
“workers”: [
{
“type”: “container”,
“options”: {
“pythonpath”: ["…"]
},
“components”: [
{
“type”: “class”,
“classname”: “hello.hello.AppSession”,
“realm”: “realm1”,
“transport”: {
“type”: “websocket”,
“endpoint”: {
“type”: “tcp”,
“host”: “noctilucent.me”,
“port”: 443,
“tls”: {
“certificate”: “server_cert.pem”
}
},
“url”: “wss://noctilucent.me:443/ws
}
}
]
}
]
}

Thanks for the help!

Mike

0 Likes

#3

Has nobody got TLS working with crossbar.io or Autobahn Python?

Sure. Please have a look here:

https://github.com/crossbario/crossbar/wiki#going-to-production

and in particular:

https://github.com/crossbario/crossbar/wiki/Secure%20WebSocket%20and%20HTTPS

···

Am 11.09.2014 17:55, schrieb Mike Panetta:

I was really hoping to use crossbar for a project, but it is a no go
without TLS...

Mike

On Friday, September 5, 2014 8:29:49 PM UTC-4, Mike Panetta wrote:

    I'm trying to set up TLS so that I can get websockets to work
    through the corporate proxy, but I am having issues.

    I have added the tls section to the config.json as is shown here:
    http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/
    <http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/> to both my
    router config (just used the default template) and modified the
    hello config similarly (only the certificate section) and I am
    getting the following error:

    2014-09-06 00:24:03+0000 [Controller 29341] Exception: encountered
    unknown attribute 'certificate' in listening endpoint TLS configuration

    I'm not sure what I am doing wrong. :frowning:

    Version Info:
    [mike@castellanus-lite hello]$ crossbar version

    Crossbar.io software versions:

    Crossbar.io : 0.9.7-6
    Autobahn : 0.9.0
    Twisted : 14.0.0-EPollReactor
    Python : 2.7.5
    UTF8 Validator : wsaccel-0.6.2
    XOR Masker : wsaccel-0.6.2

    Here is my hello config.json:

    {
        "controller": {
        },
        "workers": [
           {
              "type": "container",
              "options": {
                 "pythonpath": [".."]
              },
              "components": [
                 {
                    "type": "class",
                    "classname": "hello.hello.AppSession",
                    "realm": "realm1",
                    "transport": {
                       "type": "websocket",
                       "endpoint": {
                          "type": "tcp",
                          "host": "noctilucent.me <http://noctilucent.me>",
                          "port": 443,
                          "tls": {
                             "certificate": "server_cert.pem"
                          }
                       },
                       "url": "wss://noctilucent.me:443/ws
    <http://noctilucent.me:443/ws>"
                    }
                 }
              ]
           }
        ]
    }

    Thanks for the help!

    Mike

--
You received this message because you are subscribed to the Google
Groups "Autobahn" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to autobahnws+...@googlegroups.com
<mailto:autobahnws+...@googlegroups.com>.
To post to this group, send email to autob...@googlegroups.com
<mailto:autob...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com
<https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.

0 Likes

#4

Thanks for those links, but I already followed them. The problem I am having is with the client side python api, I can’t get it to use TLS. The router comes up fine using TLS, but there is no way to tell the clients to use it. If I try to use the options listed in the links for a client, it gives an error saying it does not know what the key or certificate options are for.

Basically I want to use the python client on my UDOO so that I can remotely control it from jenkins to sound alerts when things break. I’m just having issues getting the python client to talk TLS.

Thanks,

Mike

···

On Thursday, September 11, 2014 3:15:46 PM UTC-4, Tobias Oberstein wrote:

Am 11.09.2014 17:55, schrieb Mike Panetta:

Has nobody got TLS working with crossbar.io or Autobahn Python?

Sure. Please have a look here:

https://github.com/crossbario/crossbar/wiki#going-to-production

and in particular:

https://github.com/crossbario/crossbar/wiki/Secure%20WebSocket%20and%20HTTPS

I was really hoping to use crossbar for a project, but it is a no go

without TLS…

Mike

On Friday, September 5, 2014 8:29:49 PM UTC-4, Mike Panetta wrote:

I'm trying to set up TLS so that I can get websockets to work
through the corporate proxy, but I am having issues.
I have added the tls section to the config.json as is shown here:
[http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/](http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/)
<[http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/](http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/)> to both my
router config (just used the default template) and modified the
hello config similarly (only the certificate section) and I am
getting the following error:
2014-09-06 00:24:03+0000 [Controller  29341] Exception: encountered
unknown attribute 'certificate' in listening endpoint TLS configuration
I'm not sure what I am doing wrong. :(
Version Info:
[mike@castellanus-lite hello]$ crossbar version
Crossbar.io software versions:
Crossbar.io     : 0.9.7-6
Autobahn        : 0.9.0
Twisted         : 14.0.0-EPollReactor
Python          : 2.7.5
UTF8 Validator  : wsaccel-0.6.2
XOR Masker      : wsaccel-0.6.2
Here is my hello config.json:
{
    "controller": {
    },
    "workers": [
       {
          "type": "container",
          "options": {
             "pythonpath": [".."]
          },
          "components": [
             {
                "type": "class",
                "classname": "hello.hello.AppSession",
                "realm": "realm1",
                "transport": {
                   "type": "websocket",
                   "endpoint": {
                      "type": "tcp",
                      "host": "[noctilucent.me](http://noctilucent.me) <[http://noctilucent.me](http://noctilucent.me)>",
                      "port": 443,
                      "tls": {
                         "certificate": "server_cert.pem"
                      }
                   },
                   "url": "wss://[noctilucent.me:443/ws](http://noctilucent.me:443/ws)
<[http://noctilucent.me:443/ws](http://noctilucent.me:443/ws)>"
                }
             }
          ]
       }
    ]
}
Thanks for the help!
Mike

You received this message because you are subscribed to the Google

Groups “Autobahn” group.

To unsubscribe from this group and stop receiving emails from it, send

an email to autobahnws+...@googlegroups.com

mailto:autobahnws+unsub...@googlegroups.com.

To post to this group, send email to auto...@googlegroups.com

mailto:autob...@googlegroups.com.

To view this discussion on the web visit

https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com

<https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com?utm_medium=email&utm_source=footer>.

For more options, visit https://groups.google.com/d/optout.

0 Likes

#5

Ah, sorry. I see.

When using

- autobahn.twisted.wamp.ApplicationRunner
- autobahn.twisted.wamp.Application

you can simply use a secure WebSocket URL and it will work, like

wss://somehost.com:7777/somepath

or

wss://example.com

···

Am 12.09.2014 19:33, schrieb Mike Panetta:

Thanks for those links, but I already followed them. The problem I am
having is with the client side python api, I can't get it to use TLS.

==

When you want your Crossbar hosted component connect via TLS to a router, there is are some bits we need to add

https://github.com/crossbario/crossbar/issues/128

  The router comes up fine using TLS, but there is no way to tell the
clients to use it. If I try to use the options listed in the links for
a client, it gives an error saying it does not know what the key or
certificate options are for.

Basically I want to use the python client on my UDOO so that I can
remotely control it from jenkins to sound alerts when things break. I'm
just having issues getting the python client to talk TLS.

Thanks,
Mike

On Thursday, September 11, 2014 3:15:46 PM UTC-4, Tobias Oberstein wrote:

    Am 11.09.2014 17:55, schrieb Mike Panetta:
     > Has nobody got TLS working with crossbar.io <http://crossbar.io>
    or Autobahn Python?

    Sure. Please have a look here:

    https://github.com/crossbario/crossbar/wiki#going-to-production
    <https://github.com/crossbario/crossbar/wiki#going-to-production>

    and in particular:

    https://github.com/crossbario/crossbar/wiki/Secure%20WebSocket%20and%20HTTPS
    <https://github.com/crossbario/crossbar/wiki/Secure%20WebSocket%20and%20HTTPS>

     >
     > I was really hoping to use crossbar for a project, but it is a no go
     > without TLS...
     >
     > Mike
     >
     > On Friday, September 5, 2014 8:29:49 PM UTC-4, Mike Panetta wrote:
     >
     > I'm trying to set up TLS so that I can get websockets to work
     > through the corporate proxy, but I am having issues.
     >
     > I have added the tls section to the config.json as is shown
    here:
     > http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/
    <http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/>
     > <http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/
    <http://crossbar.io/docs/Secure-WebSocket-and-HTTPS/>> to both my
     > router config (just used the default template) and modified the
     > hello config similarly (only the certificate section) and I am
     > getting the following error:
     >
     > 2014-09-06 00:24:03+0000 [Controller 29341] Exception:
    encountered
     > unknown attribute 'certificate' in listening endpoint TLS
    configuration
     >
     > I'm not sure what I am doing wrong. :frowning:
     >
     > Version Info:
     > [mike@castellanus-lite hello]$ crossbar version
     >
     > Crossbar.io software versions:
     >
     > Crossbar.io : 0.9.7-6
     > Autobahn : 0.9.0
     > Twisted : 14.0.0-EPollReactor
     > Python : 2.7.5
     > UTF8 Validator : wsaccel-0.6.2
     > XOR Masker : wsaccel-0.6.2
     >
     > Here is my hello config.json:
     >
     > {
     > "controller": {
     > },
     > "workers": [
     > {
     > "type": "container",
     > "options": {
     > "pythonpath": [".."]
     > },
     > "components": [
     > {
     > "type": "class",
     > "classname": "hello.hello.AppSession",
     > "realm": "realm1",
     > "transport": {
     > "type": "websocket",
     > "endpoint": {
     > "type": "tcp",
     > "host": "noctilucent.me
    <http://noctilucent.me> <http://noctilucent.me>",
     > "port": 443,
     > "tls": {
     > "certificate": "server_cert.pem"
     > }
     > },
     > "url": "wss://noctilucent.me:443/ws
    <http://noctilucent.me:443/ws>
     > <http://noctilucent.me:443/ws>"
     > }
     > }
     > ]
     > }
     > ]
     > }
     >
     > Thanks for the help!
     >
     > Mike
     >
     > --
     > You received this message because you are subscribed to the Google
     > Groups "Autobahn" group.
     > To unsubscribe from this group and stop receiving emails from it,
    send
     > an email to autobah...@googlegroups.com <javascript:>
     > <mailto:autobahnws+...@googlegroups.com <javascript:>>.
     > To post to this group, send email to auto...@googlegroups.com
    <javascript:>
     > <mailto:auto...@googlegroups.com <javascript:>>.
     > To view this discussion on the web visit
     >
    https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com
    <https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com>

     >
    <https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com?utm_medium=email&utm_source=footer
    <https://groups.google.com/d/msgid/autobahnws/73f5c151-aadf-4684-bff4-2a0b21b44486%40googlegroups.com?utm_medium=email&utm_source=footer>>.

     > For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

--
You received this message because you are subscribed to the Google
Groups "Autobahn" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to autobahnws+...@googlegroups.com
<mailto:autobahnws+...@googlegroups.com>.
To post to this group, send email to autob...@googlegroups.com
<mailto:autob...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/autobahnws/25104383-ecaa-47ab-b0e8-35fa1ff5c44b%40googlegroups.com
<https://groups.google.com/d/msgid/autobahnws/25104383-ecaa-47ab-b0e8-35fa1ff5c44b%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.

0 Likes

#6

Thanks for those links, but I already followed them. The problem I am

having is with the client side python api, I can’t get it to use TLS.

Ah, sorry. I see.

When using

  • autobahn.twisted.wamp.ApplicationRunner

  • autobahn.twisted.wamp.Application

you can simply use a secure WebSocket URL and it will work, like

wss://somehost.com:7777/somepath

or

wss://example.com

Thanks! This worked perfectly!

==

When you want your Crossbar hosted component connect via TLS to a
router, there is are some bits we need to add

https://github.com/crossbario/crossbar/issues/128

I’ll keep an eye on this, thanks!

Thanks,

Mike

···

On Saturday, September 13, 2014 5:38:27 AM UTC-4, Tobias Oberstein wrote:

Am 12.09.2014 19:33, schrieb Mike Panetta:

0 Likes