When playing in the editor WebSocket (from Runtime/Online/WebSocket) connection was successful but failed when playing in packaged project. Why? UE4 versions used were 4.18 and 4.19. Platform is Windows x64.

Here’s the log.

[2018.10.23-08.55.37:666][308]LogTemp: Display: Connecting to wss://localhost/lobby/
[2018.10.23-08.55.38:397][350]LogWebSockets: Warning: Lws(Error): server's cert didn't look good, X509_V_ERR = 20: error:00000014:lib(0):func(0):SSL lib
[2018.10.23-08.55.38:431][352]LogWebSockets: Warning: Lws(Error): server's cert didn't look good, X509_V_ERR = 20: error:00000014:lib(0):func(0):SSL lib
[2018.10.23-08.55.38:443][352]LogTemp: Display: Error connecting: Connection timed out

Upon closer examination, the UE4’s WebSocket library uses Libwebsocket and OpenSSL, and that X509_V_ERR = 20 means X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. See here. But I’m sure the certificate is valid, and not self-signed. Can anyone help? Again note that the connection works in the editor but not in packaged project. I’m not sure why.

In 4.20 the log is like this

[2018.10.23-13.28.59:390][399]LogTemp: Display: Connecting to wss://localhost/lobby/
[2018.10.23-13.29.00:119][446]LogWebSockets: Warning: Lws(Error): SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=3)
[2018.10.23-13.29.00:121][446]LogWebSockets: Warning: Lws(Error): SSL connect error 336134278: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[2018.10.23-13.29.00:122][446]LogTemp: Display: Error connecting: lws_ssl_client_connect2 failed

Basically the same error, but more verbose.

Sigh, turns out UE4 doesn’t automatically copy the certificate file into pak file. Also the SSL module really lacks documentation, but I figured it all out eventually. ISslCertificateManager::AddCertificatesToSslContext | Unreal Engine Documentation

So how did you solve this? I have the same problem but I´m not a programmer. Feeling a bit lost with this documentation

Something else to check depending on the platform you’re targeting, make sure that platform is setting WITH_SSL to 1 and including the necessary include paths and third party libraries in SSL.Build.cs. Otherwise, code that you’ll need will not be included in your build causing all sorts of issues.

If your platform isn’t listed in SSL.Build.cs,you’ll need to add a new line like so:

Target.Platform == UnrealTargetPlatform.YourNewPlatform

Good luck!

Yes, I’m having this exact issue, would be nice if the actual answer was mentioned instead of “I just figured it out eventually” with a link to raw documentation.

I experienced the same issue when packaging on Mac - I resolved it by adding the default cacerts.pem key that comes with UE4’s source to Project Settings > Packaging > Packaging > Additional Non-Assets Directories to Copy

Where is the cacerts.pem located. There is non to be found for me.

ok so the cacert.pem is found in Engine/Content/Certificates/ThirdParty/cacert.pem
and i copy that to my Content/Certificates folder
and i’m trying to add an additional non-asset directory to the package (by changing Config/DefaultGame.ini)
+DirectoriesToAlwaysStageAsNonUFS=(Path=“Certificates”)
but i still get an error:
[2021.07.12-23.02.20:135][217]LogWebSockets: Warning: Lws(Error): SSL_new failed: error:00000063:lib(0):func(0):reason(99)

I resolved the problem by the same way but I set the “Additional Non-Assets Directories to Copy” value from the Editor menu.

For anyone else looking, VE1977’s comment below solves it. The exact steps to fix it is:

1. Copy [Engine directory]/Engine/Content/Certificates/ThirdParty/cacert.pem to [Project directory]/Content/Certificates/cacert.pem
2. In your project settings, under Packaging, add an array item to “Additional Non-Asset Directories to Package”, with the value Certifications

That’s it, no need to do anything in C++. You may need to copy this again when you update engine version.

Hello, I operated according to the method you used, but I can’t link after packaging

Bah, I see I have a typo in my post here. The value to put in the config should be Certificates (the same as the folder you created). Does fixing that help? If not, what kind of errors are you getting?

Still can’t ~ ~ it’s available in editing status, but after it’s packaged, it can’t link websockt

Hi. Suggested solution does not work on my PC. Do anyone know if there is any other way of fixing certificate? And just to be sure. Does this fix also helps with editor behaviour or its only for packaged build? Thanks!

EDIT:
Found this forum entry. This one helped me so if coping certifcates does not work for you here is different solution to try

Hi. We got something similar to this on one of the machines at our company. For that specific one, all HTTP requests were blocked by one request failing; more specifically, the usage tracking request of the ExpressiveText plugin. So it’s worth checking the logs and looking for warnings about the HTTP module processing requests. Disabling the plugin worked.

I have the “SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=0)”, but when playing in editor.

1. copy cacert.pem to [unrealProject]/Content/Certificates
2. project setting > packaging > Additional Non-Asset Directories to Package > add item “Certificates”

it works ~

my env
unreal version = 5.0.3
use webSocket ( c++ )
win or mac no issue
but packaging ios has issue
issue = LogWebSockets: Warning: Lws(Error): SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=2)

可以在DefaultEngine.ini中添加：
[LwsWebSocket]
bDisableCertValidation=True

Solution:

Just add the follow setting in DefaultEngine.ini, and when packaging the game, the cacert.pem file will be staged automatically.

[/Script/Engine.NetworkSettings]
n.VerifyPeer=True

The logic is in /Engine/Source/Programs/AutomationTool/Scripts
/CopyBuildToStagingDirectory.Automation.cs:
https://github.com/EpicGames/UnrealEngine/blob/11ea386451b0beaff2ab34ad3d222def138fcd29/Engine/Source/Programs/AutomationTool/Scripts/CopyBuildToStagingDirectory.Automation.cs#L1204

Why it’s working in editor?

In FSslCertificateManager::BuildRootCertificateArray(), CertificateBundlePath is searched in in the order of ProjectContentDir, EngineContentDir. In editor, EngineContentDir alwarys has the Certificates/ThirdParty/cacert.pem file, so it’s working in editor.
https://github.com/EpicGames/UnrealEngine/blob/c830445187784f1269f43b56f095493a27d5a636/Engine/Source/Runtime/Online/SSL/Private/SslCertificateManager.cpp#L337

How to check it’s really working

On Winddows, you can delete all entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\ in regedit, and see if the packaged game really using the cacert.pem file(and not using the system cached one).

I just want to say thank you for this thread, it saved us A LOT of time!
We had issues with a third party plugin not able to perform SSL verification on cooked builds on MacOS and UE 5.3.
The solution for us was settings those certificates as RuntimeDependencies for the plugin, so after cook, those non USF files will be staged with the build.
That being said, the other mentioned solutions can possibly work as well.