WebPagetest Forums
Agent to server using https - Printable Version

+- WebPagetest Forums (https://www.webpagetest.org/forums)
+-- Forum: WebPagetest (/forumdisplay.php?fid=7)
+--- Forum: Private Instances (/forumdisplay.php?fid=12)
+--- Thread: Agent to server using https (/showthread.php?tid=12114)



Agent to server using https - bdbr - 03-16-2013 07:32 AM

One of the things that has been an issue for us is the lack of HTTP for the agent to server (since there could be passwords in there). I had already set up the server for https but the agent didn't work before. Thank you for fixing that!

Unfortunately it isn't working for us because the agent is logging "Certificate authority invalid or incorrect". We're using self-signed certs. Is there any way around that?


RE: Agent to server using https - pmeenan - 03-16-2013 08:52 AM

Which agent (urlblast or wptdriver)? I thought I configured them both to ignore certificate warnings but I may have missed an option.

I'm assuming you are using the 2.10 release.


RE: Agent to server using https - bdbr - 03-17-2013 01:58 AM

(03-16-2013 08:52 AM)pmeenan Wrote:  Which agent (urlblast or wptdriver)? I thought I configured them both to ignore certificate warnings but I may have missed an option.

I'm assuming you are using the 2.10 release.

Using urlblast with the 2.10 agent.


RE: Agent to server using https - bdbr - 03-27-2013 03:25 AM

I haven't heard a reply, but I have found a workaround that is version-independent.

I used stunnel (http://www.stunnel.org) to create an SSL stunnel from the client. The catch was that the SNI had to match what was used in urlblast.ini. I configured urlblast.ini to use http://localhost/work, and configured stunnel.conf as follows:

[wpt]
accept=127.0.0.1:80
connect=myserver:443
sni=localhost

The server already had SSL enabled in Apache, so no changes were required there.


RE: Agent to server using https - pmeenan - 03-27-2013 04:03 AM

oh, excellent hack and I'm embarrassed to not have thought of it. I think you can do the same thing with putty (plink) as well and have it tunnel over ssh with certs which would be even more secure (and not require any sni settings).