WebSocket secure connection self signed certificate

Have you tried any of the answers to this question?

To summarize, it looks like there are a few options you could try:

  • Start Chrome with the --ignore-certificate-errors argument specified.

  • Start an HTTP server on the same port that takes the same self-signed certificate, browse to it, and accept the certificate, after which you should be able to use the WebSocket connection.

  • Set the configuration option on Firefox network.websocket.allowInsecureFromHTTPS to true, then use the ws:// rather than the wss:// address.

If all this is is for testing and you have the possibility to control that sort of thing, then I think one or more of those should work. If you need your standard end user to be able to do this, I think you'll a need a different solution. As you've found, it doesn't matter if you set the server up to not care about the certificate, the client has to ultimately decide if it wants to accept the certificate or it won't accept the connection.


@Kdawg answers are correct.

You have no hope to have client browsers accept an insecure connection with server-side tuning only. All the behavior for accepting the unsigned (or self-signed) certificate is on the client side.

I would like to add, on top of @Kdawg's answer that on Windows networks, the most common practice for private organizations is to:

  1. Assign a Windows Server to act as Certificate Authority

  2. Add the Certificate Authority's public root certificate into Windows hosts (either by GPO) or manually

  3. Sign the custom-made certificate with the Windows CA server

It sounds painful, and it is.

If I were you, I would go for making a standard publicly-signed certificate and would run SSL off until it is done.

Look at Let's Encrypt for free SSL certificates for your domain.