Can't use self-signed certificate with SSL Connection

Hi, first of all sorry for my English.

I have a problem using secure connection with Nakama. Using non secure connection works like a charm.

Details about deployment:

  • Unity project
  • AWS machine (Ubuntu)
  • Using Docker-Compose
  • SSL certs are self-signed

We don’t need trusted certs because only our game will have access to server, so the idea is to validate the connection with the cert fingerprint. To accomplish that we are using a custom UnityWebRequestAdapter:

var client = new Client("https", "x.x.x.x", 7350, "defaultKey", UnityWebRequestAdapter.Instance);

That UnityWebRequestAdapter class is modified to validate the cert using a CertificateHandler that compares the cert fingerprint. For now it just returns ‘true’ on validate method:

protected override bool ValidateCertificate(byte[] certificateData) { return true; }

I have tried a lot of ways to generate the certs, but it always comes back with the same error:

ApiResponseException: all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"

I don’t know if it has something to do with Docker. I have searched a lot and tested a lot, but nothing worked.

This thread has a similar problem: Improve connectivity when enabling SSL in Nakama for development · Issue #348 · heroiclabs/nakama · GitHub

Please, I need help. I have spent 3 days on this and didn’t solve it.

Thanks in advance.
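
The fingerprint comparison the post above describes, in place of `return true`, as an added example that is not part of the original post or of the Nakama SDK. The class name `PinnedCertificateHandler` and the placeholder fingerprint are assumptions.

```csharp
using System.Globalization;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using UnityEngine.Networking;

// Added example (not from the original post): accept the server certificate only
// when its SHA-256 fingerprint equals a value compiled into the game.
public sealed class PinnedCertificateHandler : CertificateHandler
{
    // Constructed placeholder. Replace with your certificate's fingerprint, e.g. the hex
    // printed by: openssl x509 -in cert.pem -noout -fingerprint -sha256
    private const string PinnedSha256 = "REPLACE_WITH_SHA256_FINGERPRINT_HEX";

    private static readonly byte[] Pinned = ParseFingerprint(PinnedSha256);

    protected override bool ValidateCertificate(byte[] certificateData)
    {
        // Fail closed: no valid pin configured, or no certificate presented.
        if (Pinned == null || certificateData == null || certificateData.Length == 0)
            return false;
        try
        {
            // Unity passes PEM or DER; X509Certificate2 parses both, and RawData is the
            // DER encoding, which is what the openssl fingerprint is computed over.
            var cert = new X509Certificate2(certificateData);
            using (var sha = SHA256.Create())
            {
                byte[] actual = sha.ComputeHash(cert.RawData);
                int diff = 0;
                for (int i = 0; i < Pinned.Length; i++) diff |= actual[i] ^ Pinned[i];
                return diff == 0;
            }
        }
        catch (CryptographicException)
        {
            return false; // unparsable certificate data is rejected
        }
    }

    // Accepts "AB:CD:..." or plain hex; returns null unless it is exactly 32 bytes.
    private static byte[] ParseFingerprint(string text)
    {
        string hex = text.Replace(":", "").Replace(" ", "");
        if (hex.Length != 64) return null;
        var bytes = new byte[32];
        for (int i = 0; i < 32; i++)
            if (!byte.TryParse(hex.Substring(2 * i, 2), NumberStyles.HexNumber, null, out bytes[i]))
                return null;
        return bytes;
    }
}
```

The handler is attached per request through `UnityWebRequest.certificateHandler`, and it only governs how the Unity client judges the certificate the server presents.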

Solved using a Load Balancer as an entry point for the secure connection, which then redirects unencrypted messages to the Nakama server.


@jmclaveria is there any tutorial to do that?

@alisaffari The error described in this thread has been fixed, see issue #348. Keep an eye out for the Nakama 2.14.2 release and you should be good to go.