How to Create Secure (TLS/SSL) Websocket Server

Published 2019-01-30 11:50

Question:

I am using the WS websocket library of node.js. Currently I'm running a ws server. Now I want to secure this connection by using secure connections, i.e. by implementing the wss protocol, and the library also supports TLS connections. I searched a little and found this plain to secure: wss and this wss with self signed certificate.

Both are not very detailed and the article on the second link describes wss with self signed certificate. What I want to know is if it is enough to just create the self signed certificate and deploy to my production environment or do I need to buy a certificate as we need to do while creating HTTPS servers?

Answer 1:

Your question #1

How to Create Secure (TLS/SSL) Websocket Server?

I found your question while searching online for a guide on how to make websockets work over a secured connection. Since this came up in search results, there is a chance I'm not the only one who ended up on this page. To save everyone (including future me) some time, here goes.

The Problem

I had a simple node.js websocket server, powered by einaros/ws, listening on port 80 over an unsecured connection. Had to switch it to a secure connection.

The Solution

Basically, the second link you provided covers pretty much everything I needed to know. Here are a few things that took me some time to figure out though:

  • I needed the .pem files for this, but all I got from the cert provider was a simple .crt/.cert file, and I also had a private .key I got after generating the initial .csr request. So here's how to convert (credit to slf):

    openssl rsa -in server.key -text > private.pem
    openssl x509 -inform PEM -in server.crt > public.pem
    
  • It was unclear to me how to make ws use the secured connection. Since I was trying to add SSL to an existing application, I wanted to avoid having to re-do things. Turns out, all I had to do was replace the {port:80} parameter with a reference to the https instance (see the links for more info on how to initialise it).

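    var ws = require('ws').Server;
    // httpsServer is an existing https.Server instance (from https.createServer
    // with the key and cert); ws attaches to it instead of opening its own port
    var wss = new ws({
        server: httpsServer
    });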
    

References

  • github.com/websockets/ws/blob/master/examples/ssl.js
  • chovy.com/web-development/self-signed-certs-with-secure-websockets-in-node-js

Your question #2

What I want to know is if it is enough to just create the self signed certificate and deploy to my production environment, or do I need to buy a certificate as we need to do while creating HTTPS servers?

Emphasis mine. Yes, I would advise you to buy a certificate from a trusted authority. This will ensure your users won't be getting any browser security warnings, or just leaving without even knowing what went wrong.
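
A pre-flight check on the converted PEM files together with the full server wiring the answer describes, as an added example that is not part of the original answer or the ws project. The function names, port 8443 and the WSS_KEY/WSS_CERT environment variables are assumptions; the ws `server` option is the one shown in the answer.

```javascript
// Added example. Paths, port 8443 and the WSS_KEY/WSS_CERT variables are assumptions.
const fs = require('fs');
const https = require('https');

// List the PEM block labels in a file's text, e.g. ['CERTIFICATE'].
// Text outside the BEGIN/END markers (such as `openssl ... -text` output) is ignored.
function pemLabels(text) {
  const labels = [];
  const re = /-----BEGIN ([A-Z0-9 ]+)-----/g;
  let m;
  while ((m = re.exec(text)) !== null) labels.push(m[1]);
  return labels;
}

// Return a list of problems with the key/cert pair; an empty list means it looks usable.
function checkTlsMaterial(keyText, certText) {
  const problems = [];
  const keyLabels = pemLabels(keyText);
  const certLabels = pemLabels(certText);
  const isKey = (label) => label.endsWith('PRIVATE KEY');
  if (!keyLabels.some(isKey)) problems.push('key file has no PEM private key block');
  if (!certLabels.includes('CERTIFICATE')) {
    problems.push('certificate file has no PEM CERTIFICATE block (DER-encoded or wrong file?)');
  }
  if (certLabels.some(isKey)) problems.push('certificate file contains a private key');
  return problems;
}

// Start an HTTPS server from the PEM files and attach ws to it, as in the answer.
function startSecureWsServer(keyPath, certPath, port) {
  const key = fs.readFileSync(keyPath, 'utf8');
  const cert = fs.readFileSync(certPath, 'utf8');
  const problems = checkTlsMaterial(key, cert);
  if (problems.length > 0) throw new Error(problems.join('; '));
  const WebSocketServer = require('ws').Server; // loaded lazily: the checks need no ws
  const httpsServer = https.createServer({ key, cert });
  const wss = new WebSocketServer({ server: httpsServer });
  wss.on('connection', (socket) => socket.send('connected over TLS'));
  httpsServer.listen(port);
  return wss;
}

// Only starts when both paths are supplied, e.g.
// WSS_KEY=private.pem WSS_CERT=public.pem node server.js
if (process.env.WSS_KEY && process.env.WSS_CERT) {
  startSecureWsServer(process.env.WSS_KEY, process.env.WSS_CERT, 8443);
}
```

The check only inspects PEM labels, so it catches swapped or DER-encoded files but does not prove that the key matches the certificate.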