Load SSL/TLS certificate from system store (Windows only)
This action sets the SSL/TLS certificate to use in the secure WebSocket server.
It takes three parameters:
- Common name. The name of the certificate: who it was issued to.
This will be your personal name, company name, or domain name. - Location of certificate in Windows store. If blank, will default to CurrentUser.
Options are: "CurrentUser", "CurrentService", "CurrentUserGroupPolicy", "LocalMachine", "LocalMachineEnterprise", "LocalMachineGroupPolicy", "Services", and "Users".
Note that machine stores are normally not fully readable by applications that are not running with administrator permissions. - Store name. If left blank, will default to "My", the Personal store, which is default for non-self-signed certificates.
Options are "My", "Root", "TrustedPublisher", etc.
To view the certificate names, check registry key:
HKEY_[CURRENT_USER/LOCAL_MACHINE]\SOFTWARE\Microsoft\SystemCertificates
Generally, you want a certificates: - from a provider, installed under Personal certificate store, "My"
- from self-signing, installed under Trusted Root Certification Authorities, "Root"
as a web browser will only consider self-signed certificate valid if it's under Trusted Root.
You should be able to find a certificate's store by finding the certificate under Certificate Manager.
You must have a certificate loaded to host WebSocket securely, as the certificate is what secures connections.
To get certificates, refer to Guides > Hosting a server > Hosting a WebSocket server. Certificates are usually free, but have several steps to obtain.
You can supply either two PEM files, or on Windows you can also supply one PFX file.
Other formats may work, but this is not guaranteed.
The system store is designed for PFX file format files, but you can import other types.
If you are using a PFX file format (PKCS #12), make sure you merge the private key and certificate chain into one PFX file, for simplicity of use.
Regardless of format, the private key must be available in the certificate store. See the above GIF to find out how to check if private key is associated with the certificate.