Browser TLS With custom server certificate.

[lhamt]

Hello! I wonder if anyone could help me with NATS TLS connection.
Here is my situation:

• I want connections to my NATS server to use TLS for confidentiality.
• I do not need the server to authenticate the browser (nats.ws) clients. This means I do not need client certificates and keys.
• I cannot provide a custom trusted Certificate Authority file in the nats.ws connection options (W3C websocket limitation).
• I cannot add the CA file to the list of trusted Root CAs for each device that's accessing the website.
• I cannot use a public CA like DigiCert since this is running on an intranet and won't have access to a pre-determined domain name.

Is there any way that I can connect to the NATS server using TLS from the browser with these limitations?

[aricart]

nats.ws uses a w3c websocket - so it will be require certificates that are valid if you use TLS, so as you say, there's no way to make the connection be considered secure given your constraints. With that said, depending on the runtime, you may be able to say which CA is valid (for the runtime) which transitively will be valid for the websocket. But this also means that all browsers would have to have your CA and trust it.

[lhamt]

Thank you @aricart. I appreciate your help.