How to generate self-signed X.509 for WebSocketServer that is accessed via LAN and Internet?

The Godot Q&A is currently undergoing maintenance!

Your ability to ask and answer questions is temporarily disabled. You can browse existing threads in read-only mode.

We are working on bringing this community platform back to its full functionality, stay tuned for updates.

godotengine.org | Twitter

+1 vote

When using Crypto.generate_self_signed_certificate() it appears the "CN" value must be the IP or URL of the WebSocketServer. My clients will be setting WebSocketClient.trusted_ssl_certificate to the expected certificate for the server.

If the server is behind a firewall using NAT and can be accessed from both the LAN and Internet, do I need to generate two certificates (one for LAN and one for Internet) and instance two WebSocketServers listening on different ports (one of which is port forwarded by the firewall)? If so, I guess the WebSocketServer accessible via port forwarding must set the certificate CN to the public IP?

Maybe I'm missing something?

Thanks.

Godot version v3.4.4.stable.official [419e713a2]
in Engine by (94 points)

Please log in or register to answer this question.

Welcome to Godot Engine Q&A, where you can ask questions and receive answers from other members of the community.

Please make sure to read Frequently asked questions and How to use this Q&A? before posting your first questions.
Social login is currently unavailable. If you've previously logged in with a Facebook or GitHub account, use the I forgot my password link in the login box to set a password for your account. If you still can't access your account, send an email to [email protected] with your username.