I need to disable certificate validation for a WebSocket because I'm using a self-signed certificate.
I found in this question (Websocket SSL connection) the rejectUnauthorized parameter, but that no longer works. In fact, if you go to Mozilla's documentation, there are only two parameters: URL and protocol version.
In another question or site (I don't remember exactly), I found that if I go first to https://server_ip, I would get the prompt about the invalid certificate asking whether I want to proceed or not. Then I could connect using wss://server_ip and it would work, and it does, but that's not usable for my case.
So, I need to disable the certificate validation during the creation of the WebSocket. How can I do that?
The code I'm using for testing is the one at https://www.websocket.org/echo.html. I replaced websocket = new WebSocket(wsUri); with websocket = new WebSocket(wsUri, {rejectUnauthorized: false}); (during testing, I also added the protocolVersion: 8 parameter, as in the linked question).
Edit: I need to use self-signed certificates. Let's Encrypt is out of the question because it requires a subdomain, and I'd need to manage hundreds to thousands of them then. The application is divided into three parts that will be deployed to each customer (hundreds of them):
To disable a certificate, right-click the certificate, click Properties, select Disable all purposes for this certificate, and then click OK.
The probe supports Secure Sockets Layer (SSL) connections between the probe and WebSocket. SSL connections provide additional security when the probe retrieves alarms from the target systems. To enable SSL connections, obtain any required SSL certificates and Trusted Authority certificates for WebSocket.
You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.
Add certificate to Fleck: As described in Fleck's Readme, you have to use the wss:// protocol (with var server = new WebSocketServer("wss://[IPAddress]:[Port]");) and point Fleck to your certificate (X.509 with both public and private key) with server.Certificate = new X509Certificate2("path/to/cert.pfx");
I might arrive late here, but as I was having the same issue and there was no real answer out there, I turned to read the implementation documentation:
Methods
connect(requestUrl, requestedProtocols, [[[origin], headers], requestOptions])
Will establish a connection to the given requestUrl. requestedProtocols indicates a list of multiple subprotocols supported by the client. The remote server will select the best subprotocol that it supports and send that back when establishing the connection. origin is an optional field that can be used in user-agent scenarios to identify the page containing any scripting content that caused the connection to be requested. requestUrl should be a standard websocket url.
headers should be either null or an object specifying additional arbitrary HTTP request headers to send along with the request. This may be used to pass things like access tokens, etc. so that the server can verify authentication/authorization before deciding to accept and open the full WebSocket connection.
requestOptions should be either null or an object specifying additional configuration options to be passed to http.request or https.request. This can be used to pass a custom agent to enable WebSocketClient usage from behind an HTTP or HTTPS proxy server.
origin must be specified if you want to pass headers, and both origin and headers must be specified if you want to pass requestOptions. The origin and headers parameters may be passed as null.
Hence, as the documentation stated, unless you have specific configuration for any of these parameters you should pass null. That solved the maze. It came to be:
var client = new WebSocket();
client.connect(WSSrvUrl, null, null, null, {rejectUnauthorized: false});
// or, depending on the implementation you're using (this applies to the Node.js and web browser implementations):
var client = new WebSocket(WSSrvUrl, null, null, null, {rejectUnauthorized: false});
And that's it.
SDG
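An added example, not part of the answer above and not the library's own code: the same requestOptions slot can keep validation enabled and trust only the customer's self-signed certificate, checked by SHA-256 fingerprint. It assumes Node.js and that requestOptions reach https.request as the quoted documentation says; fingerprintOfPem, pinnedRequestOptions and SAMPLE_PEM are hypothetical names, and the sample PEM wraps constructed placeholder bytes, not a real certificate.

```javascript
const crypto = require('crypto');

// SHA-256 fingerprint of a PEM certificate, in the colon-separated upper-case
// form that Node reports as cert.fingerprint256 on the peer certificate.
function fingerprintOfPem(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('no CERTIFICATE block in PEM input');
  const der = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
  const hex = crypto.createHash('sha256').update(der).digest('hex').toUpperCase();
  return hex.match(/../g).join(':');
}

// Build requestOptions that keep validation on but trust only this certificate.
function pinnedRequestOptions(pem) {
  const expected = fingerprintOfPem(pem);
  return {
    ca: pem,                   // the self-signed cert is the only trust anchor
    rejectUnauthorized: true,  // chain validation stays enabled
    // Replaces the hostname check (a cert used by IP address may lack an
    // IP subjectAltName) with a comparison against the pinned fingerprint.
    checkServerIdentity(host, cert) {
      if (!cert || cert.fingerprint256 !== expected) {
        return new Error(`certificate pin mismatch for ${host}`);
      }
      return undefined;        // undefined means "identity accepted"
    },
  };
}

// Constructed sample: placeholder bytes in a PEM wrapper, not a real certificate.
const SAMPLE_PEM = [
  '-----BEGIN CERTIFICATE-----',
  Buffer.from('constructed placeholder DER bytes').toString('base64'),
  '-----END CERTIFICATE-----',
].join('\n');

// Usage with the connect() signature quoted above (WSSrvUrl as in the answer,
// certPem read from the certificate file shipped with that deployment):
//   client.connect(WSSrvUrl, null, null, null, pinnedRequestOptions(certPem));
```

With these options a server presenting any other certificate fails the handshake, whereas rejectUnauthorized: false accepts whatever certificate is presented.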