SSL Configuration

Carlos Mesa edited this page Mar 2, 2020 · 4 revisions

Configure SSL with WebConsole

If you want to use WebSockets Secure with WebConsole (an encrypted connection between client and server instead of sending plaintext), enable it by changing useSSL: false to useSSL: true in your config.yml and generating your keystore.jks. You can do this with a self-signed certificate or with a valid one, such as a Let's Encrypt certificate.

Self-signed certificate

This is the fast way, but it is only recommended for testing purposes. Generate your certificate by running this command on your machine:

keytool -genkey -keyalg RSA -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"

Remember to replace the placeholder values (the store password, the key password and the organisation fields in -dname), so that the final command looks like this:

keytool -genkey -keyalg RSA -validity 3650 -keystore "keystore.jks" -storepass "myVerySecurePaSSword" -keypass "aVerySecurePaSSw0rdAgain" -alias "default" -dname "CN=127.0.0.1, OU=WebConsoleDevelopers, O=WebConsole, L=Madrid, S=Madrid, C=Spain"

Then, to enable connections from your browser, first navigate to https://server_ip:8080/ (replace server_ip with your server IP, and the port if you changed it in config.yml) and skip the security warning (click on "connect anyway"). This is required to allow your browser to connect to servers that use your own self-signed certificate. If you skip this step, your browser will block connections to your WebSockets server.

NOTE: Your browser will stop trusting your certificate after some hours or days, which will leave WebConsole unable to connect to your server. To solve this, repeat the last step (browse to the URL and click on "connect anyway").

Let's Encrypt certificate (or any PEM certificates)

WebConsole does not support PEM certificates, so you will need to convert them to create your keystore.jks file. Follow the steps mentioned in this guide, also explained here:

  1. Convert the certificate chain and private key to the PKCS#12 file format. You will be asked for a password: remember it, as it will be the StorePassword required in your config.yml.

openssl pkcs12 -export -out keystore.pkcs12 -in fullchain.pem -inkey privkey.pem

  2. Convert the PKCS#12 file into the Java keystore format. You will be asked for another password. This time you are typing the KeyPassword, also required in config.yml.

keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks

  3. The PKCS#12 file can be deleted.

rm keystore.pkcs12

  4. Copy keystore.jks to your plugin folder (plugins/WebConsole/keystore.jks).
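
Checks worth running on fullchain.pem and privkey.pem before the conversion steps above, as an added example that is not part of the original page or of WebConsole. It confirms that the private key matches the leaf certificate, that the certificate is not about to expire, and that the key file is not readable by other users; the function names and the 7-day threshold are assumptions.

```sh
#!/bin/sh
# Added example (not WebConsole code): checks on the PEM inputs to run
# before the PKCS#12 / JKS conversion. Function names are assumptions.

# True only if the private key belongs to the leaf (first) certificate in
# the chain; a mismatched pair yields a keystore that cannot serve TLS.
key_matches_cert() {
    kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    kmc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# True if the leaf certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the key is a regular file with no group/other permission bits
# (ls -L follows a symlink to the real key file).
key_is_private() {
    case "$(ls -lL -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all checks, report every failure, return non-zero if any failed.
# The 7-day expiry margin is an assumed threshold; adjust as needed.
preflight() {
    pf_rc=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 does not match the leaf certificate in $1" >&2; pf_rc=1; }
    cert_valid_for_days "$1" 7 ||
        { echo "FAIL: $1 is expired or expires within 7 days" >&2; pf_rc=1; }
    key_is_private "$2" ||
        { echo "FAIL: $2 is readable by group or others" >&2; pf_rc=1; }
    return "$pf_rc"
}

# Usage: sh preflight.sh fullchain.pem privkey.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it with the two PEM paths and continue with the openssl pkcs12 step only when it exits with status 0.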