Two Way SSL for WebSockets


Post by niall » Mon Aug 04, 2014 1:32 am

Hi,

I have been using a CEF build from http://cefbuilds.com and connecting with HTTPS to a URL like https://mycomputer.com/. Here I have changed my hosts file to match a valid SSL certificate from a trusted authority (Verisign). When I browse to the HTTP server, the CEF build is challenged for a client certificate, I choose the one I want, and I am presented with a page. This works perfectly, as I would expect.

However, from the loaded page I have two URLs. One is ws://mycomputer.com/ and the other is wss://mycomputer.com/. The secure one does not work, but the other does. This is because the wss:// URL is being challenged for a certificate.

My question is, how can I get CEF working with wss:// URLs, in a way that allows a digital certificate to be used? Preferably I could call something like:

cef_handle.set_pfx_file("c:\blah\my_pfx.pfx").

Any help would be much appreciated.

Thanks
Niall

Re: Two Way SSL for WebSockets

Post by niall » Mon Aug 04, 2014 11:57 pm

Hi,

It turns out client certificates do not even work with "https". This seems like a rather large problem for deploying CEF in security-sensitive environments. I would like to volunteer to do some work to at the very least select a single PKCS#12 file to use for securing HTTPS and WSS connections.

Has any work been done on getting CEF to work with client certificates in the past? Perhaps leveraging existing Chromium features? I would rather not reinvent the wheel here.

Thanks,
Niall

Re: Two Way SSL for WebSockets

Post by air » Wed Jan 28, 2015 1:04 am

Has there been any progress here? I am in a similar situation:

I have a self-signed server certificate running in a Tomcat, which also requires client certificates.

The client certificate is signed by a CA the Tomcat trusts (again all self-signed) and installed in the Windows Internet Options. Connecting through IE and Firefox is fine. Chrome asks for a client certificate when accessing the web application on the Tomcat server.
The embedded Chromium does not use the certificate given by Windows and also does not allow any usage of a client certificate as far as I have seen.

Any hints?

Re: Two Way SSL for WebSockets

Post by magreenblatt » Wed Jan 28, 2015 12:45 pm

You can look at how Chrome implements this functionality. We would need to do something similar in CEF.