Root SSL Certificates

Is there anyway to add a root ssl certificate to a Windows Gamelift server?
My Game Server needs to make connections to API’s that use Let’s Encrypt and a certificate whose root CA is Sectigo, both of which aren’t in the default windows certificate manager on the Windows 2012 image. These missing root certs is causing a lot of Warnings about unknown certs in my logs making it hard to debug real issues.

A lot depends on where you need these installed and to be accessible by what.

I would suggest:

  • You include the cert in your fleet bundle
  • Or save it to disc via the install.bat

You could then use the install.bat to place it where its required. The install.bat has elevated permissions over your runtime permissions so it may have the power you need.

Or add the cert to the windows certificate store using https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddencodedcertificatetostore?redirectedfrom=MSDN (haven’t tried this path etc).

Depending on your TLS/SSL stack you may just need a reference to the cert on disc. Or you may need to do something more.

Hope thats helpful.