9 months ago
Browsers don't like that I'm serving my websocket on ws:// rather than wss://, but wss:// requires a certificate and key, i.e. in Go you need to http.ListenAndServeTLS(port, "cert.pem", "key.pem"). My question is, Railway issues certs but doesn't give a lot of detail on them as far as I have found. Which cert do I use? In /etc/ssl/certs I have found:
ACCVRAIZ1.pem
ACRAIZFNMT-RCM.pem
ACRAIZFNMT-RCMSERVIDORESSEGUROS.pem
ANFSecureServerRootCA.pem
ActalisAuthenticationRootCA.pem
AffirmTrustCommercial.pem
AffirmTrustNetworking.pem
AffirmTrustPremium.pem
AffirmTrustPremiumECC.pem
AmazonRootCA1.pem
AmazonRootCA2.pem
AmazonRootCA3.pem
AmazonRootCA4.pem
AtosTrustedRoot2011.pem
AutoridaddeCertificacionFirmaprofesionalCIFA62634068.pem
AutoridaddeCertificacionFirmaprofesionalCIFA626340682.pem
BaltimoreCyberTrustRoot.pem
BuypassClass2RootCA.pem
BuypassClass3RootCA.pem
CADisigRootR2.pem
CFCAEVROOT.pem
COMODOCertificationAuthority.pem
COMODOECCCertificationAuthority.pem
COMODORSACertificationAuthority.pem
CertainlyRootE1.pem
CertainlyRootR1.pem
Certigna.pem
CertignaRootCA.pem
CertumEC-384CA.pem
CertumTrustedNetworkCA.pem
CertumTrustedNetworkCA2.pem
CertumTrustedRootCA.pem
Any ideas? Or do I need to get my own cert issued?
9 months ago
the certs in /etc/ssl/certs are system certs and none of them are generated by Railway and none of them are what you want (because you don't want any)
your application needs to listen on plain old HTTP/1.1 without TLS, Railway will handle everything else for you, from redirecting insecure connections to terminating SSL and TLS for you.
but to answer your question, they are Let's Encrypt certificates and aren't anywhere user or program accessible.
Great, thank you for the info, that's a relief. I haven't been able to get Railway to automagically let me use wss, i.e. my frontend can't communicate with the server service that exposes a websocket on :443/ws (e.g. wss://aconomy.railway.internal:443/ws doesn't work). I'm aware that's not very helpful so I'll try and get a real error.
9 months ago
you need to use the public url if you are trying to connect to it client side in the browser
9 months ago
wouldn't be much of a private network if someone in their web browser could connect to it
9 months ago
of course!