Secure Websockets Setup
To allow your clients to connect to your Photon Server using secure websockets with 'wss://...', please proceed as follows.
1. Obtain an SSL certificate.
1.1. For development purposes, you can generate a self-signed SSL certificate.
If you have IIS 7 installed on your development machine, follow these steps: https://technet.microsoft.com/en-us/library/cc753127%28v=ws.10%29.aspx
The "friendly name" should be the same name that your web clients use to access your server, e.g. photon.example.com.
After you are done, make sure that the certificate is installed into the correct certificate store.
- Open the Microsoft Management Console by typing "mmc.exe" on the command line.
- From the "File" menu, choose "Add / Remove snap-in".
- Select "Certificates" -> "Add" -> "Computer Account" -> "Local Computer" -> "OK".
- Expand the nodes on the left to "Certificates" -> "Personal" -> "Certificates".
- Your certificate should be listed there.
Here is a more detailed explanation of how to use the Management Console to view certificates: https://msdn.microsoft.com/en-us/library/ms788967.aspx
1.2. If you don't have IIS 7 installed on your machine, follow one of the various tutorials that are available on the internet to generate a self-signed SSL certificate for your machine.
Once you have generated the certificate, open the "Local Computer" certificate store as described in 1.1.
Right-click on the "Personal" node, choose "All Tasks" -> "Import". Follow the wizard to import your certificate.
1.3. For production servers, please acquire a certificate that is signed by a trusted Certificate Authority instead of using a self-signed certificate. Follow the steps from 1.2 to install it into the "Local Computer" certificate store on your server.
2. Add these attributes to the WebSocket listener in the PhotonServer.config:

| Attribute | Default | Description |
|---|---|---|
| Secure | TRUE | True defines a listener to be secured by SSL. |
| StoreName | MY | Name of the store where the certificate can be found. If you have installed the certificate into the "Personal" store, as described above, set the value to "MY" (or omit the StoreName setting, so the default is used). |
| CertificateName | Photon | Name of the certificate. Enter the value of the 'IssuedTo' field that is shown in the certificate store (see step 1), NOT the "Friendly Name". |
| UseMachineStore | FALSE | Defines if the machine store ("local computer store") should be used. We recommend installing the certificate into the machine store, as described above, and setting this value to "TRUE", because the certificate will then be available to Photon regardless of the account under which it runs and no matter if Photon is started as an application or as a service. If you set this value to "FALSE", Photon will look for the certificate in the "Current User" certificate store if it is started as an application; if it is started as a service, it will look in the associated "Service" certificate store, so make sure that you install the certificate in the right store. |

3. Restart your Photon Server ... voila!
This is an example Photon Server configuration for secure websockets:
    ...
    <WebSocketListeners>
      <!-- Web Sockets Listener with SSL -->
      <WebSocketListener
        IPAddress="0.0.0.0"
        Port="9091"
        DisableNagle="true"
        InactivityTimeout="10000"
        OverrideApplication="Lite"
        Secure="true"
        StoreName="My"
        CertificateName="server1.example.com"
        UseMachineStore="true">
      </WebSocketListener>
    </WebSocketListeners>
    ...
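
To check these settings before restarting, the following PowerShell script (an added example, not part of the Photon documentation) reads every secure WebSocketListener from the configuration and looks up the named certificate in the store that listener points to. The `$ConfigPath` parameter and the output property names are assumptions of this example, and the match on the "Issued To" value follows the table above rather than Photon's own lookup code.

```powershell
# Added example: verify the certificate referenced by each secure WebSocketListener.
# Assumption: $ConfigPath is the full path to your PhotonServer.config.
param([Parameter(Mandatory)] [string] $ConfigPath)

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
[xml] $config = Get-Content -Path $ConfigPath -Raw

# Listeners that set Secure="true" (PowerShell's -eq ignores case).
$listeners = $config.SelectNodes('//WebSocketListener') |
    Where-Object { $_.GetAttribute('Secure') -eq 'true' }

foreach ($listener in $listeners) {
    # Defaults from the attribute table: StoreName MY, CertificateName Photon,
    # UseMachineStore FALSE.
    $storeName = $listener.GetAttribute('StoreName')
    if (-not $storeName) { $storeName = 'My' }
    $certName = $listener.GetAttribute('CertificateName')
    if (-not $certName) { $certName = 'Photon' }
    $useMachine = $listener.GetAttribute('UseMachineStore') -eq 'true'

    # The Cert: drive exposes only LocalMachine and CurrentUser. With
    # UseMachineStore="false" and Photon running as a service, Photon reads the
    # service's own store, which this check cannot see.
    $location = if ($useMachine) { 'LocalMachine' } else { 'CurrentUser' }

    # Compare against the subject's simple name, the value the certificate
    # snap-in lists under "Issued To" (not the friendly name).
    $certs = @(Get-ChildItem -Path "Cert:\$location\$storeName" |
        Where-Object { $_.GetNameInfo($simpleName, $false) -eq $certName })

    if ($certs.Count -eq 0) {
        Write-Warning ("Port {0}: no certificate issued to '{1}' in {2}\{3}" -f
            $listener.GetAttribute('Port'), $certName, $location, $storeName)
        continue
    }
    foreach ($cert in $certs) {
        [pscustomobject]@{
            Port          = $listener.GetAttribute('Port')
            Store         = "$location\$storeName"
            IssuedTo      = $certName
            FriendlyName  = $cert.FriendlyName
            HasPrivateKey = $cert.HasPrivateKey               # needed to serve TLS
            Expired       = $cert.NotAfter -lt (Get-Date)
            SelfSigned    = $cert.Subject -eq $cert.Issuer    # see 1.3 for production
        }
    }
}
```

A warning for a listener means the CertificateName value and the store settings do not resolve to an installed certificate; a row with HasPrivateKey False means the certificate was imported without its key.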