How to configure Sync Gateway and client to use Secure WebSocket (wss://host:ip)


I have a .NET core 2.2 based couchbase lite client, a 2.5 Sync Gateway and enterprise 6.x server.
I want to use wss to connect and exchange data with the SG in both directions. The client code is shown below.

I have created a self signed X509 certificate with OpenSSL and set the SSLKey and SSLCert as defined here:

In the client I use wss://host:ip .



>         Couchbase.Lite.Support.NetDesktop.Activate();
>         Database.Log.Console.Level = LogLevel.Verbose;
>         Database.Log.Console.Domains = LogDomain.All;
>         this._database = new Database(DATABASE_NAME);
>         _urlEndpoint = new URLEndpoint(new Uri($"wss://{DATABASE_NAME}"));
>         _replicatorConfig = new ReplicatorConfiguration(this._database, _urlEndpoint);
>         _replicatorConfig.Authenticator = new SessionAuthenticator(sessionId);
>         _replicatorConfig.ReplicatorType = ReplicatorType.PushAndPull;
>         _replicatorConfig.Continuous = true;
>         // Jede filiale ist auch ein channel. So werden nur die documente einer filiale fuer einen nutzer repliziert.
>         _replicatorConfig.Channels = new List<string>();
>         _replicatorConfig.Channels.Add(_filialId);
>         _replicator = new Replicator(_replicatorConfig);
>         _replicator.AddChangeListener(this.ReplicationEventHandler);

You will need to trust the CA on the client. For production use, you’ll either want to secure with a trusted CA, or you’ll need to have a method in place to share and add trust for a self-generated CA. Once that’s in place, it will work exactly as you expect. It is possible to configure your client to not verify the CA, by overriding ServerCertificateCustomValidationCallback on HttpClientHandler(). (See Stack Overflow)

You also will want to change the endpoint port to 4984, as 4985 is the Sync Gateway admin port.

Hi Grimal,
Thanks for your answer! How will wss work if I have a BigIP between my client and the sync gateway?
My BigIP itself is secured by certificate X while my sync gateway uses certificate Y?
My BigIP certificate will be issued to: ", to what will my sync gateway certificate be issued to?