v5 How to Configure Certificate for Secure Listeners?
Options
I am following the steps outlined at https://doc.photonengine.com/en-us/server/v5/operations/server-config#certificate_setup_for_secure_listeners
However, whenever I try to load the cert, I get the following error:
But then, when I point the file to the key instead, I get:
Lol
Normally I would need to load both the private key and the cert right? What's going on?
Thanks for your help
However, whenever I try to load the cert, I get the following error:
4480: 17:22:49.487 - CService::OnException() - Exception: CCreateSimpleContext::CreateSSLContext() - Failed to load private key file: "C:\...\Photon-OnPremises-Server-Plugin-SDK_v5-0-1-21359-BETA\deploy\bin_Win64\certs\server.pem" - error:0909006C:PEM routines:get_name:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
But then, when I point the file to the key instead, I get:
4476: 17:23:59.208 - CService::OnException() - Exception: CCreateSimpleContext::CreateSSLContext() - Failed to load certificate file: "C:\...\Photon-OnPremises-Server-Plugin-SDK_v5-0-1-21359-BETA\deploy\bin_Win64\certs\server.pem" - error:0909006C:PEM routines:get_name:no start line error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
Lol
Normally I would need to load both the private key and the cert right? What's going on?
Thanks for your help
0
Comments
-
hi, @OldPilgrim
our documentation missing 'key' setting documentation
so, in your case you have to specify 'CertificatePath' as folder to files location, then `Certificate` should contain name for file with certificate and `Key` should contain file with key
Also you may put everything in one file, call it 'server.pem' and set only CertificatePath
best,
ilya1 -
@chvetsov ok, thanks!!
Edit: specifying the Certificate and Key attributes doesn't work (it didn't work before either), it's still trying to load server.pem4692: 09:12:04.278 - CService::OnException() - Exception: CCreateSimpleContext::CreateSSLContext() - Failed to load certificate file: "C:\Users\Me\myCerts\server.pem" - error:02001002:system library:fopen:No such file or directory error:20074002:BIO routines:file_ctrl:system lib error:140DC002:SSL routines:use_certificate_chain_file:system lib
However, i concatenated the key and cert into one pem file and it worked.0 -
@OldPilgrim
could you provide config snippet to see how did you configure it. May be we have a bug and will be able to reproduce it
best,
ilya0 -
@chvetsov
<WebSocketListener IPAddress="0.0.0.0" Port="9090" DisableNagle="true" InactivityTimeout="10000" OverrideApplication="Master" Secure="true" CertificatePath="C:\Users\Me\myCerts" Certificate="server-crt.pem" Key="server-key.pem" > </WebSocketListener>
0 -
hey @OldPilgrim,
In v5 RC1 we have changed how listeners for WSS are configured.
But it means you could also try if the new way of setting up custom certificates was the same in v5 BETA as well and we just did not document this properly.
BTW documentation for v5 RC1 is also still WiP.<WebSocketListener Secure="true"> <ServerCertificate Path="C:\Users\Me\myCerts" Certificate="server-crt.pem" Key="server-key.pem"> </ServerCertificate> </WebSocketListener>
0