I am using the WS websocket library for node.js. Currently I'm running a ws server. Now I want to secure this connection by using secure connections, i.e. by implementing the wss protocol; the library also supports TLS connections. I searched a little and found this plain to secure: wss and this wss with self signed certificate.
Both are not very detailed and the article on the second link describes wss with a self-signed certificate. What I want to know is if it is enough to just create the self-signed certificate and deploy to my production environment or do I need to buy a certificate as we need to do while creating HTTPS servers?
The wss protocol establishes a WebSocket over an encrypted TLS connection, while the ws protocol uses an unencrypted connection. At this point, the network connection remains open and can be used to send WebSocket messages in either direction.
Add certificate to Fleck: As described in Fleck's Readme, you have to use the wss:// protocol (with var server = new WebSocketServer("wss://[IPAddress]:[Port]");) and point Fleck to your certificate (x509 with both public and private key) with server.Certificate = new X509Certificate2("path/to/cert.pfx");
How to Create Secure(TLS/SSL) Websocket Server?
I found your question while searching online for a guide on how to make websockets work over a secured connection. Since this came up in search results, there is a chance I'm not the only one who ended up on this page. To save everyone (including future me) some time, here goes.
I had a simple node.js websocket server, powered by einaros/ws, listening on port 80 over an unsecured connection. I had to switch it to a secure connection.
Basically, the second link you provided covers pretty much everything I needed to know. Here are a few things that took me some time to figure out though:
I needed the .pem files for this, but all I got from the cert provider was a simple .crt/.cert file, and I also had a private .key I got after generating the initial .csr request. So here's how to convert (credit to slf):
openssl rsa -in server.key -text > private.pem
openssl x509 -inform PEM -in server.crt > public.pem
It was unclear to me how to make ws use the secured connection. Since I was trying to add SSL to an existing application, I wanted to avoid having to re-do things. Turns out, all I had to do was replace the {port:80} parameter with a reference to the https instance (see the links for more info on how to initialise it).
var ws = require('ws').Server;
var wss = new ws({ server: httpsServer });
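The steps in the answer above, put together as an added example (not code from the original post): it checks that the key and certificate files really are PEM before creating the HTTPS server, then attaches ws to that server. The function names, the file names in the usage comment and the echo handler are assumptions made for illustration.

```javascript
'use strict';
const fs = require('fs');
const https = require('https');

// Classify file contents by their PEM "BEGIN" header, so a swapped key/cert
// or a binary DER .crt is caught before the TLS server is created.
// Text before the header (as written by `openssl rsa -text`) is ignored.
function pemKind(data) {
  const text = data.toString('latin1');
  const m = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(text);
  if (!m) return 'not-pem';
  if (m[1] === 'CERTIFICATE') return 'certificate';
  if (m[1] === 'ENCRYPTED PRIVATE KEY') return 'encrypted-private-key';
  if (m[1].endsWith('PRIVATE KEY')) {
    // Legacy encrypted keys keep the plain header and add a Proc-Type line.
    return /Proc-Type: 4,ENCRYPTED/.test(text) ? 'encrypted-private-key' : 'private-key';
  }
  return 'other';
}

// Build the options object for https.createServer, failing early with a
// readable message. This example only accepts an unencrypted private key.
function tlsOptions(keyPem, certPem) {
  const k = pemKind(keyPem);
  const c = pemKind(certPem);
  if (k !== 'private-key') throw new Error('key file is ' + k + ', expected private-key');
  if (c !== 'certificate') throw new Error('cert file is ' + c + ', expected certificate');
  return { key: keyPem, cert: certPem };
}

// Create the HTTPS server and hand it to ws instead of a { port } option.
function startWss(keyPath, certPath, port) {
  const WebSocketServer = require('ws').Server; // third-party module, loaded on use
  const opts = tlsOptions(fs.readFileSync(keyPath), fs.readFileSync(certPath));
  const httpsServer = https.createServer(opts);
  const wss = new WebSocketServer({ server: httpsServer });
  wss.on('connection', function (socket) {
    // Placeholder handler: echo each message back to the sender.
    socket.on('message', function (msg) { socket.send(msg); });
  });
  httpsServer.listen(port);
  return wss;
}

// Usage (file names as produced by the openssl commands above):
// startWss('private.pem', 'public.pem', 443);
```

Clients then connect with a wss:// URL on the same host and port as the HTTPS server.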
What I want to know is if it is enough to just create the self signed certificate and deploy to my production environment, or do I need to buy a certificate as we need to do while creating HTTPS servers?
For a public server, you will need a certificate from a widely trusted CA. Use the free Let's Encrypt, or any paid certificate from a known issuer. This will ensure your users won't be getting any browser security warnings, or just leaving without even knowing what went wrong.
For your local development environment, or where all connecting clients are known and under your control, you can create your own CA, see deliciousbrains.com/ssl-certificate-authority-for-local-https-development.