I am using collider (https://github.com/webrtc/apprtc/tree/master/src/collider, a websockets server in Go) and I am trying to add SSL/TLS support, for which I generated self-signed certificates:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testwebsite.com
Organizational Unit Name (eg, section) []:Engineering
Common Name (e.g. server FQDN or YOUR name) []:www.testwebsite.com
Email Address []:[email protected]
When I run the collider, I see this error:
2017/06/05 21:25:50 Error Run: crypto/tls: failed to parse private key
When I generate using (based on http://www.kaihag.com/https-and-go/):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
I get this error:
2017/06/05 22:11:31 http: TLS handshake error from <some-ip>:1082: remote error: unknown certificate
How do I fix this?
Note: collider uses golang.org/x/net/websocket
CN=www.example.com is probably wrong. Hostnames always go in the SAN. If it's present in the CN, then it must be present in the SAN too (you have to list it twice in this case). For more rules and reasons, see How do you sign Certificate Signing Request with your Certification Authority and How to create a self-signed certificate with openssl? You will also need to place the self-signed certificate in the appropriate trust store. - jww
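The two points in the comment above (hostname in the SAN, certificate in the trust store) can be checked with Go's standard `crypto/x509`. This is an added example, not code from the post or from collider. The helper names `makeCert` and `verify` are hypothetical, and the certificates are generated in memory, using the hostname from the question.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert returns a self-signed certificate: cn goes in the subject, sans in the SAN.
func makeCert(cn string, sans []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     sans, // subjectAltName DNS entries
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify applies the check a Go TLS client makes: name match, then a trusted chain.
func verify(leaf *x509.Certificate, trusted bool, name string) error {
	roots := x509.NewCertPool() // starts empty: nothing is trusted
	if trusted {
		roots.AddCert(leaf) // the trust-store step for a self-signed cert
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: name, Roots: roots})
	return err
}

func main() {
	host := "www.testwebsite.com" // hostname from the question
	for _, sans := range [][]string{{host}, nil} {
		if leaf, err := makeCert(host, sans); err == nil {
			fmt.Println(sans, verify(leaf, true, host), verify(leaf, false, host))
		}
	}
}
```

Only the certificate that lists the hostname in the SAN and is present in the verifier's root pool passes. The CN-only certificate is rejected even when trusted, and the SAN certificate is rejected when the pool does not contain it.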