1

I have a website that is secured with SSL.

The website communicates with a client-side application through socket.io. The application is running a socket-io server, and the website attempts to connect to it as a client.

However, Chrome blocks the socket when it is run through HTTP. When using self-signed certificates for an SSL socket, Chrome rejects them with the message net::ERR_INSECURE_RESPONSE.

I don't see how I could get CA-signed certificates. This is a client-side application, and the browser connects to it through

var socket = io.connect("https://localhost:21054");

so there is no domain to verify. Besides, this certificate can easily be compromised (as it is client side), but this does not matter security-wise: the website dispatches commands to the application, and never acknowledges anything the application says.

How could I:

  • Get trusted certificates for an application running on localhost?
  • Force the browser (through javascript) to connect to the untrusted websocket?
  • Use a 1-way socket that Chrome trusts? (xhr-style)
  • Do anything else to successfully connect to the socket?
c0d3rman
  • 652
  • 6
  • 14
  • Possible duplicate of [Getting Chrome to accept self-signed localhost certificate](http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate) – jww Aug 20 '14 at 13:22
  • *"I don't see how I could get CA-signed certificates..."* - `localhost` is a valid hostname. According the the [CA/Browser Forums Baseline Requirements](http://cabforum.org/baseline-requirements-documents/) and [Extended Validation](http://cabforum.org/extended-validation/) requirements (EV should *not* apply), a certificate with the name `localhost` is not prohibited. – jww Aug 20 '14 at 13:25
  • The question you linked deals with using browser settings; I want anyone to be able to use the website and application without configuring the browser. What trusted CA could I get a certificate for `localhost` from? Don't I need to show I own the domain to get a certificate? – c0d3rman Aug 20 '14 at 17:14

0 Answers0