Failed to load resource: net::ERR_INSECURE_RESPONSE socket.io

Question

I am connecting to a port on my server via ssl... recently i have started to get Failed to load resource: net::ERR_INSECURE_RESPONSE error on chrome while connecting to the node.js+socket.io server.Here is my server setting up code:

var fs = require('fs');
var express = require('express');
var routes = require('./routes');
var https = require('https');
var path = require('path');
var socketio = require('socket.io');
var util = require('util');
var url = require('url');
var privateKey  =  fs.readFileSync('ssl/keys/xxxxxxxxxxxxxxxxxxxxxxxx.key', 'utf8');
var certificate = fs.readFileSync('ssl/certs/xxxxxxxxxxxxxx.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var sizeOf = require('image-size');


var DBWrapper = require('node-dbi').DBWrapper; 
var DBExpr = require('node-dbi').DBExpr; 
var dbConnectionConfig = { host: 'localhost', user: 'user', password: 'password', database: 'dbname' };
dbWrapper = new DBWrapper( "pg", dbConnectionConfig );
dbWrapper.connect();

var app = express();

app.set('port', process.env.PORT || 8080);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
app.use(express.logger('dev'));
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));

app.get('/', routes.index);


var server = https.createServer(credentials,app).listen(app.get('port'), function(){
  console.log("Express server listening on port with https " + app.get('port'));
});

 var io = socketio.listen(server);

What am i doing wrong?

Edit: This is how i connect on client side:

socket = io.connect("https://website.com:8080", {'reconnect': false});

Answer 1

Your certificate is probably self-signed.

Chromium block this kind of insecure content. If you are alone to use it as testing for example, you can just unblock it opening a new tab in Google chrome and going to https://example.com:8080. Chrome will advertise you that the resource use a self-signed SSL certificate and ask you if you want to continue. If you do, your app will now work on your first tab.

Remember that you will do it for each navigation session in chrome.

Answer 2

I had a similar issue when using an offical, not self signed certificate and I just found the solution. It only failed in chrome on Android, btw. Add the certifate chain to the options object of the https.createServer method:

var hskey = fs.readFileSync('/the_key.key');
var hscert = fs.readFileSync('/the_cert.pem')
var ca = fs.readFileSync('/The_CA_bundle.pem')

var credentials = {
    ca:ca,
    key: hskey,
    cert: hscert
};

var server = https.createServer(credentials,app).listen(app.get('port'), function(){
  console.log("Express server listening on port with https " + app.get('port'));
});

Just putting it here, to prevent someone else banging his head against the wall when having a similar issue.

Answer 3

Thanks. That solved also my problem. In my case I was running front-end Angular 2 in development mode on localhost:3000 and back-end on https://server:8443 and I was also getting

 net::ERR_INSECURE_RESPONSE 

My solution was to navigate to https://server:443 which was running deployed front-end and confirm self-signed certificate.