
Secure websockets with self-signed certificate

I want to use secure Websockets to improve the success rate. I don't need the encryption.

Am I supposed to see a warning when using secure Websockets (wss://example.com) with a self-signed certificate? I tried it with Chrome 10 and I don't see a warning and it doesn't ask me to accept the certificate. It just works.

Is this a bug in Chrome or the expected behavior? Will I be able to use self-signed certificates in the future?

Thanks

pablo asked Mar 15 '11 13:03



2 Answers

Yep, that's the current behavior of Chrome but I wouldn't expect it to continue to be the policy in the future. In Firefox 4 (if you enable WebSockets in about:config) you will get a warning about the certificate. To approve the certificate you may also have to enter the WebSockets URL in the browser (substitute wss with https) and approve it there first (since the warning from the WebSockets connection about the self-signed cert may not give you the opportunity to approve it).

I would expect all browsers to converge on the correct behavior which is to throw up a warning dialog that allows the self-signed certificate to be approved.

kanaka answered Sep 21 '22 02:09


Self-signed certificates are rejected by Chrome since v19 (http://crbug.com/53836). If you try to connect to a wss URL which uses a self-signed certificate, then the request is silently aborted.
To allow self-signed certificates to be used, start Chrome with the --ignore-certificate-errors flag, e.g.:

chromium --user-data-dir=/tmp/whatever --ignore-certificate-errors 

To my knowledge, there is no way to get Firefox to accept your self-signed certificate for wss. So, just use ws:// for testing in Firefox. If you're testing your web app over https, then you have to toggle a preference to allow connections to (insecure) ws:// URLs:

  1. Visit about:config
  2. Set network.websocket.allowInsecureFromHTTPS to true

Rob W answered Sep 19 '22 02:09
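
The silent failure described in the answers above, seen from page script, as an added example that is not part of the original thread: the WebSocket API reports a rejected handshake only as close code 1006 with no open event, so this sketch classifies that case and points at the https:// form of the URL that kanaka's answer suggests visiting. The helper names (httpsEquivalent, classifyClose, watchSocket) are hypothetical, and code 1006 before open covers any failed handshake, not only a certificate rejection.

```javascript
// Added example; helper names are hypothetical, not from the original answers.

// Map a wss:// URL to the https:// URL on the same host and port, so the
// certificate can be inspected (and, where the browser allows, approved) in a tab.
function httpsEquivalent(wssUrl) {
  const u = new URL(wssUrl);
  if (u.protocol !== 'wss:') throw new Error('expected a wss:// URL');
  return `https://${u.host}${u.pathname}${u.search}`;
}

// Classify a close event. The WebSocket API hides the reason for a failed
// handshake from scripts: the page only sees code 1006 and no 'open' event.
function classifyClose(url, opened, closeEvent) {
  if (opened) {
    return { status: 'closed-after-open', code: closeEvent.code, hint: null };
  }
  if (closeEvent.code === 1006) {
    return {
      status: 'handshake-failed',
      code: 1006,
      hint: `Load ${httpsEquivalent(url)} in a tab to see any certificate error`,
    };
  }
  return { status: 'closed-before-open', code: closeEvent.code, hint: null };
}

// Attach the diagnosis to a socket; report() receives the classification.
function watchSocket(socket, url, report) {
  let opened = false;
  socket.addEventListener('open', () => { opened = true; });
  socket.addEventListener('close', (ev) => report(classifyClose(url, opened, ev)));
  return socket;
}

// Browser usage: watchSocket(new WebSocket(url), url, console.warn);
```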