Use a secure URL for your initial connection, i.e. instead of “http://” use “https://”. If the WebSocket transport is chosen, then Socket.IO should automatically use “wss://” (SSL) for the WebSocket connection too. Update: You can also try creating the connection using the ‘secure’ option: var socket = io.connect(‘https://localhost’, {secure: true});
Just to note that nginx has now support for Websockets on the release 1.3.13. Example of use: location /websocket/ { proxy_pass http://backend_host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection “upgrade”; proxy_read_timeout 86400; } You can also check the nginx changelog and the WebSocket proxying documentation.
Security note: Disabling security checks is dangerous and should be avoided You can disable security checks globally for all requests of the default client: package main import ( “fmt” “net/http” “crypto/tls” ) func main() { http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} _, err := http.Get(“https://golang.org/”) if err != nil { fmt.Println(err) } } You can disable security … Read more
1. Using the x509 module openssl x509 … … 2 Using the ca module openssl ca … … You are missing the prelude to those commands. This is a two-step process. First you set up your CA, and then you sign an end entity certificate (a.k.a server or user). Both of the two commands elide … Read more
* Uses proxy env variable http_proxy == ‘https://proxy.in.tum.de:8080’ ^^^^^ The https:// is wrong, it should be http://. The proxy itself should be accessed by HTTP and not HTTPS even though the target URL is HTTPS. The proxy will nevertheless properly handle HTTPS connection and keep the end-to-end encryption. See HTTP CONNECT method for details how … Read more
I also wanted to create OPEN SSL for Windows 10. An easy way to do it without running into a risk of installing unknown software from 3rd party websites and risking entries of viruses, is by using the openssl.exe that comes inside your Git for Windows installation. In my case, I found the open SSL … Read more
Yes, it is. But using GET for sensitive data is a bad idea for several reasons: Mostly HTTP referrer leakage (an external image in the target page might leak the password[1]) Password will be stored in server logs (which is obviously bad) History caches in browsers Therefore, even though Querystring is secured it’s not recommended … Read more
I was able to convert pem to crt using this: openssl x509 -outform der -in your-cert.pem -out your-cert.crt
Your keys may already be in PEM format, but just named with .crt or .key. If the file’s content begins with —–BEGIN and you can read it in a text editor: The file uses base64, which is readable in ASCII, not binary format. The certificate is already in PEM format. Just change the extension to … Read more
Yes, the SSL connection is between the TCP layer and the HTTP layer. The client and server first establish a secure encrypted TCP connection (via the SSL/TLS protocol) and then the client will send the HTTP request (GET, POST, DELETE…) over that encrypted TCP connection. Note however (as also noted in the comments) that the … Read more