Connecting to a personal remote Corelink instance

The problem

Trying to connect to a Corelink server other than corelink.hpc.nyu.edu or localhost (127.0.0.1) is unsuccessful.

Solution

When attempting to connect to a remote computer running Corelink server, a new certificate file must be generated on the server and the public key must be shared to the client.

This guide will go over how to generate the new certificates and how to use it on the javascript client.

Generating new certificates

1. Open corelink/server/config/server.cnf and add a line for the IP of the server under [alt_names]. Also change the Common Name (CN) field under [ req_distinguished_name ] to the IP of the server.

   Example server.cnf

   [ req ]
   default_bits           = 4096
   days                   = 9999
   distinguished_name     = req_distinguished_name
   attributes             = req_attributes
   prompt                 = no
   basicConstraints       = CA:FALSE
   req_extensions         = req_ext
   
   [ req_distinguished_name ]
   C                      = US
   ST                     = NY
   L                      = NYC
   O                      = NYU
   OU                     = RT
   CN                     = 10.20.200.40
   emailAddress           = certs@example.com 
   
   [ req_attributes ]
   challengePassword      = password
   
   [ issuer_info ]
   OCSP;URI.0 = http://ocsp.example.com/
   caIssuers;URI.0 = http://example.com/ca.cert
   
   [ req_ext ]
   subjectAltName = @alt_names
   
   [alt_names]
   IP.1    = 127.0.0.1
   DNS.2   = localhost
   IP.3    = ::1
   IP.4    = 10.20.200.40
   

2. Once the config is changed, generate new certificates using the following commands:

   Click to see certificate generation commands

   CA Key 
   openssl genrsa -out ca-key.pem 4096
   
   Create CA
   openssl req -new -x509 -key ca-key.pem -days 9999 -out ca-crt.pem -config ca.cnf
   
   Create CSR
   openssl req -nodes -new -days 9999 -config server.cnf -keyout server-key.pem -out server-csr.pem
   
   Sign
   openssl x509 -req -days 9999 -extfile server.cnf -extensions req_ext -in server-csr.pem -CA ca-crt.pem -CAkey ca-key.pem -CAcreateserial -out server-crt.pem
   
   Test for alternative names
   openssl req -in server-csr.pem -noout -text
   
   Check Cert
   openssl verify -CAfile ca-crt.pem server-crt.pem
   

3. After generating new certificates on the server, copy the public key ca-crt.pem from the server to the device clients will connect from.

Using the new certificate on the client.

1. Change the ControlIP in the corelink/config/default.json5 file to the IP of the server.

   Example default.json5

   {
       // corelink server control port
       // IP Port
       // ControlPort: 20010,
       // WS Port
       ControlPort: 20012,
   
       // corelink server ip address
       ControlIP: '10.20.200.40',
   
       // automatically recconnect control connection
       autoReconnect: false,
   
       // comment this line, if you dont use 127.0.0.1 for testing. A valid
       // certificate on the server side is required.
       // Change the certificate authority if you are using a server with self
       // signed certificate.
       cert: 'path/to/ca-crt.pem'
   }
   

2. In the connect function add a parameter for the absolute file path to the certificate file on the client. An example can be seen here