更新时间:2021-12-28 21:45:30
为了不让我的第一个答案复杂化更多信息,我在这里提供了对我来说真正有用的答案.
For not to complicate my first answer with more information, here I provide the answer that really worked for me after all.
我创建的安全 Websocket 服务器如下:
I created the Secure Websocket Server as follows:
public function handle() {
$loop = Factory::create();
$webSock = new SecureServer(
new Server('0.0.0.0:8443', $loop),
$loop,
array(
'local_cert' => 'C:/wamp64/bin/apache/apache2.4.41/conf/server.crt',
'local_pk' => 'C:/wamp64/bin/apache/apache2.4.41/conf/server.key',
'allow_self_signed' => TRUE,
'verify_peer' => FALSE
)
);
$webServer = new IoServer(
new HttpServer(
new WsServer(
new WebSocketController()
)
),
$webSock
);
$loop->run();
}
注意我把端口号改成了8443(我觉得这没什么关系),还把新的证书和密钥文件改了,生成如下:
Note I changed the port number to 8443 (I don't think this has something to do) and also changed the certificate and key files for the new ones, generated as follows:
openssl req -config config.conf -new -x509 -out server.crt -days 3650
openssl req -config config.conf -new -x509 -out server.crt -days 3650
config.conf 文件是:
And the config.conf file is:
[req]
default_bits = 2048
encrypt_key = no
default_md = sha256
default_keyfile = server.key
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
C = KH
ST = Siem Reap
L = SR
O = AHC
OU = IT
CN = localhost
[bs_section]
CA=false
所有不同之处在于最后一行 CA=false
表明我没有签署或充当证书颁发机构 (CA).这消除了 MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
消息.
All the difference lies in the last line CA=false
to indicate I did not signed or acted as a Certificate Authority (CA).
This gets rid of the MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
message.
然后,我去掉了 httpd-ssl.conf 文件中定义代理的行:
Then, I got rid of the lines that defined the proxy in my httpd-ssl.conf file:
<VirtualHost *:443>
ServerName ssa
DocumentRoot "d:/web/app/ssa/public"
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/server.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
SSLVerifyClient none
SSLVerifyDepth 10
<Directory "d:/web/app/ssa/public">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
#Redirect /wss /wss/
#ProxyPass /wss/ ws://127.0.0.1:8090/
#ProxyPassReverse /ws/ wss://127.0.0.1:8090/
</VirtualHost>
请注意,对于这个虚拟主机,我使用了与 Secure Websocket 服务器相同的证书和密钥文件.
Please notice that for this virtual host I used the same certificate and key files I used for the Secure Websocket Server.
好的,这就是我的证书问题.
Ok, that was it for my certificate issue.
现在一切都按预期进行.
Now everything works as expected.