I have also been playing around with this. I went for using stunnel to handle the actual termination, and then editing the socket.io code to force the websockets to be initialised using wss:// instead.
On 16 January 2012 09:27, Thomas Leonard <[email protected]> wrote: > Are there any instructions on configuring WiaB to use SSL? > > I tried changing ServerRpcProvider to use SslSelectChannelConnector instead > of SelectChannelConnector and that allowed me to view the login page using > https://localhost:9898, but then it gives lots of errors like this: > > javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? > > so I assume some change is needed at the client end too. > > The reasons I want to do this are: > > 1. The usual encryption/confidentiality reasons. > > 2. I can allow access only for our organisation by only trusting our CA, > meaning I don't have to rely so much on the correctness of the WiaB auth > code. > > 3. Hopefully I can use client authentication so that users don't need to log > in or remember passwords, etc. This also means that everyone will get the > correct user name (rather than letting them choose their own), which is > important for the imported waves (otherwise, someone can register a new > account with someone else's name and get access to that person's imported > waves). > > Thanks, > > > -- > Dr Thomas Leonard > IT Innovation Centre > Gamma House, Enterprise Road, > Southampton SO16 7NS, UK > > > tel: +44 23 8059 8866 > > mailto:[email protected] > http://www.it-innovation.soton.ac.uk/
