Supporting SSL for development on Rocket.Chat
When working with mobile apps, it is required that your server supports SSL.
Rocket.Chat is a "middle-tier application server." It does not handle SSL itself. However, Rocket.Chat works well with several industrial-grade, battle-tested reverse proxy servers you can configure to handle SSL.
Your Rocket.Chat server may be publicly accessible on the internet or not. Let's look at how to configure SSL for both scenarios.
If your server is not accessible on the internet, you need to provide self-signed certificates to configure SSL on the server.
The root key plays a crucial role in signing certificate requests. It is essential to keep it secure, as possessing it grants the ability to sign certificates on your behalf.
openssl genrsa -des3 -out Rocket.Chat-root.key 4096
If you want a non-password-protected key, remove the
Create the root certificate with the root key and distribute it to all computers that should trust you.
openssl req -x509 -new -nodes -key Rocket.Chat-root.key -sha256 -days 1024 -out Rocket.Chat-root.crt
It is not recommended that you distribute this root certificate in production. A breach of the above-generated key will open every device that trusts your root certificate to potential security threats.
openssl genrsa -out mydomain.com.key 2048
While creating the certificate signing request, it is important to specify the Common Name, providing the IP address or URL for the service; otherwise, the certificate cannot be verified.
openssl req -new -key mydomain.com.key -out mydomain.com.csr
Here, we are using the mydomain.com CSR, along with the
openssl x509 -req -in mydomain.com.csr -CA Rocket.Chat-root.crt -CAkey Rocket.Chat-root.key -CAcreateserial -out mydomain.com.crt -days 365 -sha256
mydomain.com.key files generated above are used as the certificate and the private key to configure SSL.
Once the root certificate has been installed successfully, the device can access Rocket.Chat over SSL.
If your device is not able to connect over SSL, ensure that the URL has https:// explicitly typed out before it.
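The steps above as one unattended script with a verification step added; this is an added example, not part of the original page. The -subj values, the subjectAltName extension file and the function names are assumptions made for the example; the page relies on the Common Name, and the example also sets subjectAltName because current browsers and mobile TLS stacks match the host name against it.

```shell
#!/bin/sh
# Added example. mydomain.com, the -subj values and the function names are
# assumptions for the demo; file names follow the page.

make_dev_chain() {   # $1 = working directory, $2 = host name clients connect to
    dir=$1; host=$2
    # Root key left unencrypted so the demo runs unattended; the page's
    # -des3 form protects it with a passphrase instead.
    openssl genrsa -out "$dir/Rocket.Chat-root.key" 4096 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$dir/Rocket.Chat-root.key" -sha256 \
        -days 1024 -subj "/CN=Rocket.Chat dev root" \
        -out "$dir/Rocket.Chat-root.crt" || return 1
    # Server key and CSR; -subj supplies the Common Name without prompting.
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
        -out "$dir/$host.csr" || return 1
    # Host-name matching in current clients uses subjectAltName, so add it at
    # signing time (x509 -req does not copy CSR extensions by default).
    # For a server reached by IP address, use IP:<address> instead of DNS:.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/$host.ext"
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/Rocket.Chat-root.crt" \
        -CAkey "$dir/Rocket.Chat-root.key" -CAcreateserial \
        -extfile "$dir/$host.ext" -out "$dir/$host.crt" -days 365 -sha256 \
        2>/dev/null || return 1
}

verify_dev_chain() {   # $1 = directory, $2 = certificate stem, $3 = host to check
    # Succeeds only if the leaf chains to the root AND is valid for the host.
    openssl verify -CAfile "$1/Rocket.Chat-root.crt" -verify_hostname "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = directory, $2 = stem; catches a mismatched pair
    [ "$(openssl x509 -noout -pubkey -in "$1/$2.crt")" = \
      "$(openssl pkey -pubout -in "$1/$2.key")" ]
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
if make_dev_chain "$work" mydomain.com &&
   verify_dev_chain "$work" mydomain.com mydomain.com &&
   key_matches_cert "$work" mydomain.com; then
    echo "chain, host name and key pair check out"
fi
rm -rf "$work"
```

Running the two checks before pointing the reverse proxy at the files separates certificate problems from proxy or client configuration problems.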
Last modified 3mo ago