Photon——Secure Websockets Setup 安全Websockets设置
Secure Websockets Setup 安全Websockets设置
To allow your clients connecting your Photon Server using secure websockets with ‘wss://…’ please proceed as follows.
允许你的客户端连接你的Photon服务器使用安全websockets。
- Obtain a SSL certificate. 获取SSL证书
-
- For development purposes, you can generate a self-signed SSL certificate. 对于开发者而言,你可以生成一个自签名的SSL证书
If you have IIS 7 installed on your development machine, follow these steps: http://technet.microsoft.com/en-us/library/cc753127%28v=ws.10%29.aspx
如果你已安装了IIS7,按照以下步骤:
The “friendly name” should be the same name which your web clients use to access your server, e.g.: photon.example.com:
“friendly name” 必须是相同的名字当你的web客户端访问服务器的时候。
After you are done, make sure that the certificate is installed into the correct certificate store.
当您完成后,请确保该证书被安装到正确的证书存储中
-
-
- Open the Microsoft Management Console by typing “mmc.exe” on the command line.
- From the “File” menu, choose “Add / Remove snap-in”.
- Select “Certificates” -> “Add” -> “Computer Account” -> “Local Computer” -> “OK”.
-
- Expand the nodes on the left hand to “Certificates” -> “Personal” -> “Certificates”.
- Your certificate should show up like this:
Here is a more detailed explanation how to use the Management Console to view certificates: http://msdn.microsoft.com/en-us/library/ms788967.aspx
这有更多的细节去解释如何使用Management Console。
-
- If you don’t have IIS 7 installed on your machine, follow one of the various tutorials that are available on the internet to generate a self-signed SSL certificate for your machine.如果你的机器上没有安装IIS 7,遵循互联网上的各种教程为你的机器生成一个自签名的SSL证书。
Once you have generated the certificate, open the “Local computer” certificate store as described in 1.1
一旦你已经生成了证书,打开“本地计算机”证书存储区
Right-click on the “Personal” node, choose “All Tasks” -> “Import”. Follow the wizard to import your certificate.
右击 “Personal” 节点,选择“All Tasks”-> “Import”。按照向导来导入您的证书
-
- For production servers, please acquire a certificate that is signed by a trusted Certificate Authority instead of using a self-signed certificate. Follow the steps from 1.2 to install it into the “Local Computer” certificate store on your server.对于生产服务器,请获得由受信任的证书颁发机构签署的证书,而不是使用自签名证书。按照以下步骤从1.2把它安装到你的服务器上的“本地计算机”证书存储区。
-
- Add these attributes to the WebSocket listener in the PhotonServer.config:
- 在PhotonServer.config添加这些属性到WebSocket监听器:
attribute | default | description |
---|---|---|
Secure | TRUE | True defines a listener to be secured by SSL. |
StoreName | MY | Name of store where certificate can be found. If you have installed the certificate into the "Personal" store, like described above, set the value to "MY" (or omit the StoreName setting, so the default is used). |
CertificateName | Photon | Name of certificate. Enter the value of the 'IssuedTo' field that is shown in the certificate store (see step 1), NOT the "Friendly Name". |
UseMachineStore | FALSE | Defines if machine store ("local computer store") should be used. We recommend to install the certificate into the machine store, like described above, and set this value to "TRUE", because the certificate will be available to Photon regardless of the account under which it runs and no matter if Photon is started as an application or as an service. If you set this value to "FALSE", Photon will look for the certificate in the "Current User" certificate store if it is started as an applicaton; if it is started as a Service, it will look in the associated "Service" certificate store - so make sure that you install the certificate in the right store. |
-
-
- Restart your Photon Server … voila!
- 重启你的Photon服务器
-
This is an example Photon Server configuration for secure websockets:
这是一个Photon服务器配置安全websockets的例子
...
<
WebSocketListeners
>
<-- Web Sockets Listener with SSL -->
<
WebSocketListener
IPAddress
=
"0.0.0.0"
Port
=
"9091"
DisableNagle
=
"true"
InactivityTimeout
=
"10000"
OverrideApplication
=
"Lite"
Secure
=
"true"
StoreName
=
"My"
CertificateName
=
"server1.example.com"
UseMachineStore
=
"true"
>
</
WebSocketListener
>
</
WebSocketListeners
>
...