Websockets and the PrivX Carrier browser

PrivX web containers are used for accessing HTTP or HTTPS sites via PrivX role-based access control.
PrivX can be used to automatically provide authentication for the sites and/or to record the web sessions.

If your site uses official CA signed certificate, secure web sockets are automatically supported. If you're using self-signed or company CA signed certificates or old ciphers, please continue reading.

PrivX Carrier uses ports 18080 and 18443 to proxy HTTP and HTTPS traffic via PrivX Web Proxy Host.
Port 18444 is used for tunneling web socket traffic.

Trusting self-signed certificates

By default, PrivX Web Container trusts only official CA signed certificates. For company-signed or self-signed certificates, a SEC_ERROR_UNTRUSTED_ISSUER warning is shown for the user. By default, this warning can be bypassed by the user.
For web sites using official certificates (trusted by both PrivX Web Proxy host and Firefox browser), no certificate config is necessary.

Connecting to self-signed or company CA signed website with HTTPS

To avoid security warnings for regular HTTPS traffic, please copy your CA bundle for the trusted certificates to /etc/pki/ca-trust/source/anchors/ directory on PrivX Web Proxy host and run "update-ca-trust extract". After this, run "service privx-web-proxy restart".

Configuring web socket certificates with Carrier config

If using self-signed certificates, the certificate must fulfill the following requirements:

Was this page helpful?