Creating WebSocket Relay certificate

The WebSocket relay feature requires the use of a TLS (SSL) certificate as a prerequisite for use. To create a certificate, complete the following steps:

Prerequisites
  • Create a public DNS record pointing to the underlay IP address of the Airwall Relay. The FQDN (fully qualified domain name) must match the CN (common name) in the DN (distinguished name).
  • Ensure TCP port 443 is open through any cloud security groups or firewalls from Relay clients to the underlay address on this Airwall Relay.
  1. In the Conductor, click Airwalls and select an Airwall Gateway to configure as an Airwall Relay. For more information on Airwall Relays, see Set Up an Airwall Relay.
  2. In the Airwall Gateway tab, click the Airwall relay subtab and enable Allow Airwall gateway to act as an Airwall Relay.
  3. Click New Certificate.
  4. Enter the full DN or at minimum the CN. The CN must match the DNS FQDN assigned to the Airwall Relay.
    • DN example: /C=US/O=CompanyName/OU=Department/CN=your-fqdn.com
    • CN example: /CN=your-fqdn.com
    Note: If using DigiCert, the DN fields must all be lowercase.
  5. Click Download CSR when it becomes available.
  6. Request your CA (certificate authority) sign the CSR (certificate signing request) and return the signed certificate.
  7. Input the signed certificate from your CA into the Signed Certificate box.
  8. Click Save.