websocket connection issue

book

Article ID: 211265

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We are trying to configure web socket (ws) connection in Gateway server v10.0. We are not able to establish connection from GW to WS server.

ws://echo.websocket.org

wss://echo.websocket.org

SSG Logs:

2021-03-11T22:00:35.903+0000 INFO    56 com.l7tech.external.assertions.websocket.server.WebSocketLoadListener: Updated WebSocket Service 4ba73da25021a740ee10afc501a05c8b
2021-03-11T22:00:46.046+0000 INFO    3989042 com.l7tech.server.admin: GenericEntity #4ba73da25021a740ee10afc501a05c8b (CIM) updated (changed valueXml, changed enabled)
2021-03-11T22:00:46.220+0000 INFO    56 com.l7tech.external.assertions.websocket.server.WebSocketOutboundHandler: Attempting to create WebSocket connection to: ws://echo.websocket.org:80
2021-03-11T22:01:06.221+0000 INFO    56 com.l7tech.external.assertions.websocket.server.WebSocketLoadListener: Updated WebSocket Service 4ba73da25021a740ee10afc501a05c8b
2021-03-11T22:01:06.391+0000 WARNING 19796764 com.l7tech.external.assertions.websocket.server.SSGOutboundWebSocket: Outbound WebSocket onWebSocketError()java.net.SocketTimeoutException: Connect Timeout. Closing outbound websocket.
2021-03-11T22:03:01.362+0000 INFO    51 com.l7tech.external.assertions.websocket.server.WebSocketLoadListener: Reconnecting WebSocket outbound handler '4ba73da25021a740ee10afc501a05c8b' to WebSocket server.
2021-03-11T22:03:01.370+0000 INFO    51 com.l7tech.external.assertions.websocket.server.WebSocketOutboundHandler: Attempting to create WebSocket connection to: ws://echo.websocket.org:80
2021-03-11T22:03:21.526+0000 WARNING 19796764 com.l7tech.external.assertions.websocket.server.SSGOutboundWebSocket: Outbound WebSocket onWebSocketError()java.net.SocketTimeoutException: Connect Timeout. Closing outbound websocket.

Failing to connect 

ALSO failing to connect to SSL wss://echo.websocket.org

How can we connect to ws and wss websocket resource  

Cause

Access to ws://echo.websocket.org was external firewall rule

Access to wss://echo.websocket.org was a certificate trust issue 

 

 

 

Environment

Release : 10.0

Component : API GATEWAY

Resolution

Websocket ws://echo.websocket.org usage for customer need to open firewall rule

Secure Websocket wss://echo.websocket.org:443 usage for customer need to import the certificate into gateway keystore 

Steps: 

SSL Example (front-end non-SSL and backend is SSL)

  • Create new websocket listening port:  Tasks/Extension and Add-On/Manage Websocket Connections
  • Specify inbound port.  For Outbound tab, URL: wss://echo.websocket.org:443
  • Set checkbox: Use SSL.
  • From Tasks/Certificates/Manage Certificates click Add. 
  • For Retrieve via SSL Connection: https://websocket.org:443.  Click Next.  Select Outbound SSL Connections .  Click Next and set checkbox: Certificate is a Trust Anchor.
  • Now use Chrome's WS plugin to send a message to websocket.org.