I created a simple example of what I am trying to do.

I have the server code like this:

package com.company;

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;

public class EchoServer {
    public static void main(String[] arstring) {
        try {

            SSLServerSocketFactory sslserversocketfactory =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            SSLServerSocket sslserversocket =
                    (SSLServerSocket) sslserversocketfactory.createServerSocket(9999);
            SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

            InputStream inputstream = sslsocket.getInputStream();
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            String string = null;
            while ((string = bufferedreader.readLine()) != null) {
                System.out.println(string);
                System.out.flush();
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}

And the client code like this:

<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta charset="utf-8">

    <script type="text/javascript">
        function onClick(){
            var wrc_socket = new WebSocket('wss://localhost:9999');
            wrc_socket.onmessage = function(event) {
                alert('message = '+event.data);
            };
            wrc_socket.onclose = function(event) {
                alert('Socket is close!');
            };
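            wrc_socket.onopen = function(event) {
                alert('Socket is open!');
                // send() throws InvalidStateError while the socket is still
                // connecting, so send only once the connection is open.
                wrc_socket.send('Hi there!');
            };
            alert('Done!');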
        }
    </script>
</head>

<body>
    <a href="#" onclick="onClick()">Test!</a>
</body>
</html>

I have created the private and public key pair and imported it in the keystore file as it is described here.

I ran the server application with the parameters:

-Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.debug=all

When I click the Test button, I get these errors in ssl debug:

main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 03 00 01 01                                  ......
Disconnected from the target VM, address: '127.0.0.1:64118', transport: 'socket'

For some reason the connection is closing during the handshake. I can't figure out the reason for that; please advise a solution or some ideas to check.

  • You need to import the server's certificate (public key) to the browser you're running the JavaScript on. Import the cert into the cert authority certificate store (because it's used for self-signing). – Mick Mnemonic Jan 26 '16 at 20:56
  • The keys are included in the https configuration of the Apache web server, like this: SSLCertificateFile "/usr/local/apache/conf/cert/server.crt" SSLCertificateKeyFile "/usr/local/apache/conf/cert/server.key" I thought that the wss connection is proceeding above the https, thus these keys should be used. – Алексей Ч Jan 26 '16 at 21:33
  • Your terminology is all over the place. You don't have self-signed keys, you have self-signed certificates. – user207421 Jan 26 '16 at 22:29
  • Did the server send a CertificateRequest? And if so, did the client send a certificate? – user207421 Jan 26 '16 at 23:40
  • EJP, sorry for the mess in the terminology. Kinda new in this. I do not see the certificate request in ssl debug: *** ServerHello, TLSv1.2 *** Certificate chain *** ECDH ServerKeyExchange *** ServerHelloDone and that's it. After that client sends *** ECDHClientKeyExchange *** Finished – Алексей Ч Jan 27 '16 at 18:21
  • Is this an important part of the handshake? How can I control the appearance of this message? – Алексей Ч Jan 27 '16 at 18:22

1 Answer

Finally, I figured out what the reason was. During the generation of certificates or keys (whatever...) I put the supposed server name, but during the wss connect the address was the IP; thus, there was a mismatch and the handshake failed.

Conclusion: make sure that your wss uses the same url as the name with ssl.
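
The name mismatch described in this answer can be checked before the page is deployed. The following is an added example, not code from the original post: it compares the host in a wss:// URL with the names a certificate was issued for. The `cert` object shape, the function names and all sample host names and addresses are assumptions made for the illustration.

```javascript
// Added example. The certificate shape and all sample names are constructed.

// Match one DNS name from the certificate against the host in the URL.
// "*" is honoured only as the entire left-most label, e.g. "*.example.test".
function dnsNameMatches(pattern, host) {
  const p = pattern.toLowerCase().replace(/\.$/, '').split('.');
  const h = host.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    label === h[i] || (i === 0 && label === '*' && p.length > 2));
}

// cert = { dnsNames: [...], ipAddresses: [...] }: the names the certificate
// was issued for (hypothetical shape used only by this example).
function checkWssUrlAgainstCert(wssUrl, cert) {
  const url = new URL(wssUrl);
  if (url.protocol !== 'wss:') throw new Error('not a wss:// URL: ' + wssUrl);
  const host = url.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  // An IP literal is compared only with IP entries, never with DNS names.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  const ok = isIp
    ? cert.ipAddresses.includes(host)
    : cert.dnsNames.some((name) => dnsNameMatches(name, host));
  const kind = isIp ? 'ip' : 'dns';
  const reason = ok
    ? `${kind} name "${host}" is covered by the certificate`
    : `${kind} name "${host}" is not in the certificate`;
  return { host, kind, ok, reason };
}

// Constructed sample: a certificate issued for a host name only.
const SAMPLE_CERT = { dnsNames: ['myserver.example.test'], ipAddresses: [] };

for (const u of ['wss://myserver.example.test:9999', 'wss://192.0.2.10:9999']) {
  console.log(u, '->', checkWssUrlAgainstCert(u, SAMPLE_CERT).reason);
}
```

IPv6 literals are compared as the string form that `URL` produces, so an IPv6 entry in `ipAddresses` has to be written in that same compressed form.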