I have a website on example.com, and a WebSocket server on example-websocket-server.com.
Each have an SSL certificate so that I can access them from https://
I am using the websocket server as a websocket server for all the other websites, including example.com (there are more websites). However the wss:// connection fails (ws:// works).
The websocket server uses Laravel-Websocket as the server and it asks for a path to the PEM certificate: https://beyondco.de/docs/laravel-websockets/basic-usage/ssl#configuration:
/*
* Path to local certificate file on filesystem. It must be a PEM encoded file which
* contains your certificate and private key. It can optionally contain the
* certificate chain of issuers. The private key also may be contained
* in a separate file specified by local_pk.
*/
So for that PEM certificate I used the same certificate as the https:// certificate I am using on IIS
However I have a few issues - the certificate I am using on IIS was a .pfx file, with a given password string.
In order to create the PEM file used for the websocket server's wss connection, I first exported the .pfx to the PKCS7 file (.p7b), and then used OpenSSL to convert it to a .cer file. When I change the extension from .cer to .pem the file content look like that:
-----BEGIN PKCS7-----
[..long string..]
-----END PKCS7-----
(I tried using the file both as a .cer and .pem just in case)
But now the wss:// fails, and there is no debug information so I have no idea what is the cause. And in my case it can be multiple:
- I am using the wrong certificate
- The conversion I did from the
.pfx to the .cer/.pem is wrong
- There is cross-origin restriction on my app side (Laravel) and that's the problem because the websockets server and the website are on different URLs (but less likely because it works with
ws)
- Some configuration for WSS in IIS (Although normal
ws:// connection worked)
- PKCS7 is not compatible and I need PKCS12?
Or other thing I did not think of yet
