Copyright © https://mongoose-os.com

Mongoose OS Forum

frame
ATTENTION! This forum has moved to:

https://community.mongoose-os.com

Do not post any new messages.

Configure SSL certificates

I have generated SSL certificates for my domain, and I am trying to integrate them into my application. Using the free LetsEncrypt service, I have created the following PEM files:

(1) ca-0088..[characters omitted]..4FE5-crt.pem
(2) my.domain.com-chain.pem
(3) my.domain.com-crt.pem
(4) my.domain.com-csr.pem
(5) my-domain.com-key.pem

The mongoose library expects ssl_cert, ssl_key, and ssl_ca_cert. Can you confirm which of these files should be used for which of these Mongoose server parameters?

My guess would be (3) for ssl_cert, (5) for ssl_key, and (1) for ssl_ca_cert, but I get an SSL protocol error when launching the server with these files.

Comments

  • SergeySergey Dublin, Ireland

    Can you share the SSL setup code please?

  • struct mg_mgr mgr;
    mg_mgr_init(&mgr, NULL);
    struct mg_bind_opts bind_opts;
    memset(&bind_opts, 0, sizeof(bind_opts));
    bind_opts.ssl_cert = "cert.pem";
    bind_opts.ssl_key = "key.pem";
    bind_opts.ssl_ca_cert = "cacert.pem";
    struct mg_connection *c = mg_bind_opt(&mgr, ":443", web_event_handler, bind_opts);
    if (c == NULL) { ... error handling ... }
    mg_set_protocol_http_websocket(c);
    for (;;) {
        mg_mgr_poll(&mgr, 1000);
    }
    
  • www.ssllabs.com tells me that everything is fine. But Chrome, Firefox, Edge refuse to connect, saying there is a handshake error.

  • To be clear, the Mongoose server launches without giving any error codes, the problem is that the site is not accepted by the browser.

  • SergeySergey Dublin, Ireland
    edited September 2016

    Thank you. And what are your build flags, and target OS?

  • Build flags MG_ENABLE_SSL and CS_ENABLE_NATIVE_MD5. Compiled on Windows 10, running server on Windows Server 2012. If it would be useful I could give you the live URL of the server by private email.

  • This issue is now resolved, it was a client certificate issue.

  • SergeySergey Dublin, Ireland

    Thanks for letting us know, Jamie!

Sign In or Register to comment.