I have a website that is secured with SSL.
The website communicates with a client-side application through socket.io. The application is running a socket.io server, and the website attempts to connect to it as a client.
However, Chrome blocks the socket when it is run through HTTP.
When using self-signed certificates for an SSL socket, Chrome rejects them with the message net::ERR_INSECURE_RESPONSE.
I don't see how I could get CA-signed certificates. This is a client-side application, and the browser connects to it through
var socket = io.connect("https://localhost:21054");
so there is no domain to verify. Besides, this certificate can easily be compromised (as it is client side), but this does not matter security-wise: the website dispatches commands to the application, and never acknowledges anything the application says.
How could I:
- Get trusted certificates for an application running on localhost?
- Force the browser (through JavaScript) to connect to the untrusted websocket?
- Use a 1-way socket that Chrome trusts? (xhr-style)
- Do anything else to successfully connect to the socket?