Brian Gish asked

Secure WebSocket Certificate for Custom Game Server

I currently have a simple C# SuperWebSocket server running via PlayFab's Custom Game Server service. I created a certificate that I deploy with my build so I could use a secure WebSocket. So far it's working perfectly. My PC and Android games can connect to it just fine, but my WebGL builds (running in Chrome) can't connect because of the following issue:

WebSocket connection to 'wss://34.227.190.17:9000/' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID

My guess is that it doesn't like my locally made certificate. Does this mean I need to buy an SSL certificate from a company like Comodo (https://www.comodoca.com/en-us/)? If so, it wants me to give them a domain. Is there a specific domain I should be using? One of my running servers has the address ec2-34-207-183-239.compute-1.amazonaws.com, so would the domain be "*.compute-1.amazonaws.com"? Is there any chance the PlayFab Custom Game Server tech has a certificate on the machine I can use?

Thanks in advance!

Custom Game Servers
1 comment

scottadams commented ·

Any tips on setting up a reverse proxy? @Brian Gish were you able to solve this?

Andy answered

I'm concerned that what you're proposing isn't the best solution for what you're trying to do. Using the amazonaws.com domain isn't possible for an authoritative cert. Additionally, the server hosts and IP addresses are constantly changing, meaning you're unable to properly set up your own domain for the cert. We also don't have one you can use.

Chatting with one of our dev leads, he suggested looking into setting up a reverse proxy to forward connections to the appropriate server instance and port. This could run under your own domain, using your own cert. I understand that may be more work than you were expecting, but we just don't have an out-of-the-box solution for what you're trying to do.
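
A minimal nginx configuration for the reverse proxy suggested in this answer, added here as an illustration; it is not part of the original thread or of PlayFab's tooling. The host name `play.example.com`, the certificate paths, the `/gs/<id>` URL scheme, the `gameservers.map` file and the name `gameserver.internal` are all assumptions. Clients would connect to `wss://play.example.com/gs/<id>` instead of to the instance IP.

```nginx
# Added example: TLS-terminating reverse proxy for wss:// game traffic.
# All names, paths and addresses below are placeholders.

# Forward "Connection: upgrade" only when the client requested an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Allow-list of live game server instances, keyed by the id in the URL path.
# Regenerate the included file as instances start and stop, then reload nginx.
# Clients never supply an IP or port themselves; unknown ids resolve to "".
map $gs_id $gs_backend {
    default "";
    include /etc/nginx/gameservers.map;   # lines like:  a1b2c3  203.0.113.10:9000;
}

server {
    listen 443 ssl;
    server_name play.example.com;

    # Publicly trusted certificate for your own domain (what the browser checks).
    ssl_certificate     /etc/letsencrypt/live/play.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/play.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location ~ ^/gs/(?<gs_id>[A-Za-z0-9]+)$ {
        # Reject ids that are not in the allow-list.
        if ($gs_backend = "") { return 404; }

        # The game server already speaks wss, so keep TLS on this hop too.
        proxy_pass https://$gs_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_read_timeout 1h;              # long-lived game sessions

        # Trust only the self-signed certificate shipped with the build.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/gameserver-selfsigned.pem;
        proxy_ssl_name                gameserver.internal;  # must match the cert's CN/SAN
    }
}
```

Because the backend is looked up from a server-side map rather than taken from the request, the proxy cannot be used to reach arbitrary hosts; the original request path (`/gs/<id>`) is passed through to the game server unchanged.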

7 comments

Brian Gish commented ·

Hi @Andy, thanks for the reply! Sadly I don't have any experience with that, but I'll definitely look into it. Since PlayFab doesn't have an out of the box solution for this, does this mean no one has used PlayFab's Custom Game Server service to release a browser based game?

Andy ♦♦ Brian Gish commented ·

While I'm not aware of any specific studios using custom game servers with browser-based games, I'm sure there are some. The problem you're encountering is omnipresent across all server hosting, I would imagine. Any time you're spinning up dynamic machines and connecting directly to them, you're not going to be able to have a consistent endpoint to secure. The reverse proxy solution is a way of creating that securable endpoint.

I'm going to talk to our Multiplayer Server folks about this, as it seems like a service we could potentially provide with a future iteration of our server hosting.

Brian Gish commented ·

Thanks @Andy for the explanation! I'm a bit of a newbie when it comes to this sort of thing. Also, thanks for talking to the Multiplayer Server guys, that would be a very helpful service to have in the future. Cheers!

natepac commented ·

@Andy @Brendan Is PF considering any solution with this? Or is that just not possible with certs / domains...etc.? @Brian Gish What solution did you end up going with? Thanks in advance all.

brendan ♦♦ natepac commented ·

Our game server hosting service isn't really designed for use as web service hosts - the use cases they were built for are all around session-based gameplay where clients make a UDP/TCP connection to the server. Realistically, a web service for a game needs to have a consistent URI that the client devices can hit - something you can't get from game server hosting, since IPs will change frequently.

But turning this around - what does the web service do, specifically? Why not just build that logic into an Azure Functions Cloud Script that you call through PlayFab?

natepac brendan ♦♦ commented ·

Thanks for the response @Brendan, I appreciate it! As Brian states in his question, it's more about making the connection secure, if possible. Having an SSL cert and having an HTTPS connection vs an HTTP connection is the goal. I get it though that this may be out of scope of what PF would provide. Having it hosted on our own web server then marshalling calls over to PF may be the way to go. I just don't want to bottleneck it on our server.

Juan David Varon G answered

Hi there @Brian Gish, @Andy, has there been any officially (or unofficially) proven solution for this recently?
