Secure WebSocket Certificate for Custom Game Server
I currently have a simple C# SuperWebSocket server running via PlayFab's Custom Game Server service. I created a certificate that I deploy with my build so I could use a secure WebSocket. So far it's working perfectly. My PC and Android games can connect to it just fine, but my WebGL builds (running in Chrome) can't connect because of the following issue:
WebSocket connection to 'wss://34.227.190.17:9000/' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID
My guess is that it doesn't like my locally made Certificate. Does this mean I need to buy a SSL Certificate from a company like Comodo (https://www.comodoca.com/en-us/)? If so it wants me to give them a domain. Is there a specific domain I should be using? One of my running servers has the address ec2-34-207-183-239.compute-1.amazonaws.com, so would the domain be "*.compute-1.amazonaws.com"? Is there any chance the PlayFab Custom Game Server tech has a certificate on the machine I can use?
Thanks in advance!
Best Answer
I'm concerned that what you're proposing isn't the best solution for what you're trying to do. Using the amazonaws.com comain isn't possible for an authoritative cert. Additionally, the server hosts and IP addresses are constantly changing, meaning you're unable to properly set up your own domain for the cert. We also don't have one you can use.
Chatting with one of our dev leads, he suggested looking into setting up a reverse proxy to forward connections to the appropriate server instance and port. This could run under your own domain, using your own cert. I understand that may be more work than you were expecting, but we just don't have an out-of-the-box solution for what you're trying to do.
Hi @Andy, thanks for the reply! Sadly I don't have any experience with that, but I'll definitely look into it. Since PlayFab doesn't have an out of the box solution for this, does this mean no one has used PlayFab's Custom Game Server service to release a browser based game?
While I'm not aware of any specific studios using custom game servers with browser-based games, I'm sure there are some. The problem you're encountering is omnipresent across all server hosting, I would imagine. Any time you're spinning up dynamic machines and connecting directly to them, you're not going to be able to have a consistent endpoint to secure. The reverse proxy solution is a way of creating that securable endpoint.
I'm going to talk to our Multiplayer Server folks about this, as it seems like a service we could potentially provide with a future iteration of our server hosting.
Thanks @Andy for the explanation! I'm a bit of a newbie when it comes to this sort of thing. Also, thanks for talking to the Multiplayer Server guys, that would be a very helpful service to have in the future. Cheers!
