Which certificates can I use for TLS for my Websocket?
joehewett
HOBBY OP

2 years ago

Browsers don't like that I'm serving my websocket on ws:// rather than wss://, but wss:// requires a certificate and key, i.e. in Go you need to http.ListenAndServeTLS(port, "cert.pem", "key.pem"). My question is, Railway issues certs but doesn't give a lot of detail on them as far as I have found. Which cert do I use? In /etc/ssl/certs I have found:

ACCVRAIZ1.pem
AC_RAIZ_FNMT-RCM.pem
AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
ANF_Secure_Server_Root_CA.pem
Actalis_Authentication_Root_CA.pem
AffirmTrust_Commercial.pem
AffirmTrust_Networking.pem
AffirmTrust_Premium.pem
AffirmTrust_Premium_ECC.pem
Amazon_Root_CA_1.pem
Amazon_Root_CA_2.pem
Amazon_Root_CA_3.pem
Amazon_Root_CA_4.pem
Atos_TrustedRoot_2011.pem
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem
Baltimore_CyberTrust_Root.pem
Buypass_Class_2_Root_CA.pem
Buypass_Class_3_Root_CA.pem
CA_Disig_Root_R2.pem
CFCA_EV_ROOT.pem
COMODO_Certification_Authority.pem
COMODO_ECC_Certification_Authority.pem
COMODO_RSA_Certification_Authority.pem
Certainly_Root_E1.pem
Certainly_Root_R1.pem
Certigna.pem
Certigna_Root_CA.pem
Certum_EC-384_CA.pem
Certum_Trusted_Network_CA.pem
Certum_Trusted_Network_CA_2.pem
Certum_Trusted_Root_CA.pem

Any ideas? Or do I need to get my own cert issued?

10 Replies

joehewett
HOBBY OP

2 years ago

619e86ce-6595-4941-a459-d8d0c14d6f22


2 years ago

the certs in /etc/ssl/certs are system certs and none of them are generated by railway and none of them are what you want (because you don't want any)

your application needs to listen on plain old http 1.1 without TLS, railway will handle everything else for you, from redirecting insecure connections to terminating SSL and TLS for you.

but to answer your question, they are let's encrypt certificates and aren't anywhere user or program accessible.


joehewett
HOBBY OP

2 years ago

Great, thank you for the info, that's a relief. I haven't been able to get Railway to automagically let me use wss, i.e. my frontend can't communicate with the server service that exposes a websocket on :443/ws (e.g. wss://aconomy.railway.internal:443/ws doesn't work). I'm aware that's not very helpful so I'll try and get a real error


2 years ago

you need to use the public url if you are trying to connect to it client side in the browser


2 years ago

wouldn't be much of a private network if someone in their web browser could connect to it


joehewett
HOBBY OP

2 years ago

Oh


joehewett
HOBBY OP

2 years ago

well


joehewett
HOBBY OP

2 years ago

that was the issue :sadge:


joehewett
HOBBY OP

2 years ago

My bad, thanks for the help


2 years ago

of course!
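
The setup described in the replies above, as an added example (not code from the thread or from Railway): a Go server that accepts the WebSocket upgrade on plain HTTP, while the platform edge terminates TLS for the public wss:// URL, and that only upgrades requests from the frontend's own origin. The `PORT` variable, the `allowedOrigin` value and the function names are assumptions.

```go
package main

import (
	"crypto/sha1"
	"encoding/base64"
	"log"
	"net/http"
	"os"
	"strings"
)

const allowedOrigin = "https://frontend.example" // placeholder for the frontend's public origin (assumption)

// acceptKey derives Sec-WebSocket-Accept from the client's key (RFC 6455, section 4.2.2).
func acceptKey(key string) string {
	sum := sha1.Sum([]byte(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// wsHandler upgrades over plain HTTP; the wss:// TLS session ends at the platform edge.
func wsHandler(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("Origin") != allowedOrigin { // refuse upgrades started by other sites
		http.Error(w, "origin not allowed", http.StatusForbidden)
		return
	}
	key := r.Header.Get("Sec-WebSocket-Key")
	if !strings.EqualFold(r.Header.Get("Upgrade"), "websocket") || key == "" {
		http.Error(w, "websocket upgrade required", http.StatusBadRequest)
		return
	}
	conn, buf, err := http.NewResponseController(w).Hijack()
	if err != nil {
		http.Error(w, "upgrade unavailable", http.StatusInternalServerError)
		return
	}
	defer conn.Close()
	buf.WriteString("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n" +
		"Connection: Upgrade\r\nSec-WebSocket-Accept: " + acceptKey(key) + "\r\n\r\n")
	buf.Write([]byte{0x81, 0x05, 'h', 'e', 'l', 'l', 'o', 0x88, 0x00}) // one unmasked text frame, then a close frame
	buf.Flush()
}

func main() {
	port := os.Getenv("PORT") // assumption: the platform injects the port to bind
	if port == "" {
		port = "8080"
	}
	http.HandleFunc("/ws", wsHandler)
	log.Fatal(http.ListenAndServe(":"+port, nil)) // no ListenAndServeTLS: the edge proxy holds the certificate
}
```

The browser connects to the service's public domain with wss://, and the process itself never reads a cert.pem or key.pem.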

