docs/openclaw_gateway_ws.md

# Gateway WebSocket protocol

## Connection Types

OpenClaw Mission Control supports both secure (`wss://`) and non-secure (`ws://`) WebSocket connections to gateways.

### Secure Connections (wss://)

For production environments, always use `wss://` (WebSocket Secure) connections with valid TLS certificates.

### Self-Signed Certificates

For local development or trusted local networks, you can enable support for self-signed TLS certificates:

1. Navigate to the gateway configuration page (Settings → Gateways)
2. When creating or editing a gateway, check the box: **"Allow self-signed TLS certificates"**
3. This option is useful for:
   - Local development: `wss://localhost:18789`
   - Trusted local networks: `wss://192.168.1.100:18789`

**Security Warning**: Only enable this option for localhost or gateways on trusted local networks. Do not use self-signed certificates for production gateways accessible over the internet.

## Configuration Options

When configuring a gateway, you can specify:

- **Gateway URL**: The WebSocket endpoint (e.g., `wss://localhost:18789` or `ws://gateway:18789`)
- **Gateway Token**: Optional authentication token
- **Workspace Root**: The root directory for gateway files (e.g., `~/.openclaw`)
- **Allow self-signed TLS certificates**: Enable/disable self-signed certificate support (default: disabled)
CI: add markdownlint + docs-check wrapper; extend link check scope 2026-02-12 13:19:37 +00:00			`# Gateway WebSocket protocol`

docs: Add documentation for self-signed TLS certificate support Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com> 2026-02-22 05:32:04 +00:00			`## Connection Types`

			OpenClaw Mission Control supports both secure (`wss://`) and non-secure (`ws://`) WebSocket connections to gateways.

			`### Secure Connections (wss://)`

			For production environments, always use `wss://` (WebSocket Secure) connections with valid TLS certificates.

			`### Self-Signed Certificates`

			`For local development or trusted local networks, you can enable support for self-signed TLS certificates:`

			`1. Navigate to the gateway configuration page (Settings → Gateways)`
			`2. When creating or editing a gateway, check the box: "Allow self-signed TLS certificates"`
			`3. This option is useful for:`
			- Local development: `wss://localhost:18789`
			- Trusted local networks: `wss://192.168.1.100:18789`

			`Security Warning: Only enable this option for localhost or gateways on trusted local networks. Do not use self-signed certificates for production gateways accessible over the internet.`

			`## Configuration Options`

			`When configuring a gateway, you can specify:`

			- Gateway URL: The WebSocket endpoint (e.g., `wss://localhost:18789` or `ws://gateway:18789`)
			`- Gateway Token: Optional authentication token`
			- Workspace Root: The root directory for gateway files (e.g., `~/.openclaw`)
			`- Allow self-signed TLS certificates: Enable/disable self-signed certificate support (default: disabled)`