Firefox disconnects websockets connection for a self signed certificate

Question

I am trying to make websocket connection to a backend server that uses a self-signed certificate. In firefox I've added an exception for the self-signed cert.

However my websocket connection wss:// fails to connect. I get a close event with code 1006 which is a catch all code.

Chrome and IE websockets work. Since I am using windows, I've installed the cert using certmgr.exe as a trusted cert.

My guess right now is that firefox websockets do not work with certificate exceptions and need to be trusted.

Has this scenario worked for anyone else?

Answer 1

Just in case it could help anyone, what is mentioned in OP's answer is not true at this time of writing (v61.0.1).

I navigated to the address of my WS server using https, as any WS server is practically an HTTP server, then the usual invalid certificate screen appeared and allowed me to add an exception. After that any wss connection made to the same host and port is successful.

Answer 2

Firefox works with secure websockets (wss://) only when the certificate of the site is trusted.

With a self-signed certificate I was able to browse the site by adding an exception to the certificate. The exception is not used for websockets and the connection was dropped during the ssl handshake.

Instead I created my own Root CA cert and then another signed cert for the webserver. In Options > View Certificates > Authorities I imported the Root cert. Now firefox is able to connect over secure websockets without any issue.

Firefox does not allow for importing of self-signed certs as Authorities. Windows Certificate manager allows importing of self signed certs into the "Trusted Root Certificate Authorities" list.