Cannot establish WebSocket secure connection on Firefox

Question:

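I am stuck with Firefox. I could not make WebSocket work on it. I use Tornado WebSocket and I initialized it with the code below:

from os.path import expanduser
from tornado.httpserver import HTTPServer
from tornado.web import Application

# WSHandler is the WebSocketHandler subclass defined elsewhere
app = Application([(r'/mypath/ws', WSHandler)])
http_server = HTTPServer(app, ssl_options={
    # the ssl module does not expand "~", so resolve it first
    "certfile": expanduser("~/certs/websocket.crt"),
    "keyfile": expanduser("~/certs/websocket.key")
})
http_server.listen(443)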

And I initialized it on the JavaScript side like this:

var WS = new WebSocket("wss://websocket.localhost/mypath/ws");

This code works fine on Chrome. I created the cert myself and run the page under HTTPS. But Firefox keeps saying:

Firefox can't establish a connection to the server at wss://websocket.localhost/mypath/ws.

I googled it and found a lot of suggestions, but none of them worked for me 🙁

Any help will be appreciated.

Asked By: fth


Answers:

If it’s a self-signed certificate, browsers won’t show the dialog to accept the certificate if it’s only used in a websocket. You must first visit a normal page on the same server to see and accept the certificate warning, and then you can create the secure websocket.

Answered By: Ben Darnell

I solved my problem via ProxyPass. I created a non-secure WebSocket server with Tornado and ran it on a specific port such as 3232:

app = Application([(r'/ws/', WSHandler)])
ws_server = HTTPServer(app)
ws_server.listen(3232)

Then I wrote a ProxyPass rule in my Apache conf, using mod_proxy_wstunnel:

ProxyPass /ws/ ws://127.0.0.1:3232/ws/
ProxyPassReverse /ws/ ws://127.0.0.1:3232/ws/

And I create the WebSocket client on the frontend like this:

var WS = new WebSocket("wss://websocket.localhost:81/ws/")

In this case I can create a secure connection over HTTPS on port 81, and my ProxyPass redirects any WebSocket request to the local port 3232. It is not an exact solution, more like a workaround. But it works fine for me.

Answered By: fth

I’ve solved this problem by adding a certificate exception in Firefox’s advanced preferences.

Answered By: francadaval

Try opening this URL https://websocket.localhost/mypath/ws in Firefox and accept the certificate first.

Answered By: l0pan

I was pulling my hair out over this one for a while. I was getting all kinds of cryptic error messages depending on the web browser, and they all made it sound like it was something about certificate exceptions. I had already made exceptions in Firefox and Chrome.

It turned out I had a typo in my sub-protocol string in my JavaScript!

Correcting the sub-protocol string made everything better.
More information on WebSockets and using sub-protocol(s): https://developer.mozilla.org/en-US/docs/Web/API/WebSocket

Answered By: Tarocco

If it’s a self-signed certificate, browsers won’t show the dialog to accept the certificate if it’s only used in a websocket.

You must first visit the requested url to see and accept the certificate warning, and then you can create the secure websocket.

For example if your websocket url is:

wss://localhost:44300/OpenWebSocket

then visit:

https://localhost:44300/OpenWebSocket

and accept the certificate warning.

Answered By: user1297556

It happened to me that I created my self-signed certificate the wrong way, leaving Basic Constraints -> Certificate Authority = Yes.

You can check that by visiting about:preferences#privacy in Firefox, then clicking on the View Certificates… button. You will see the list of your websites/web apps and their certificates on the Servers tab. Click on your server and then click on the View… button.

A new window/tab will open with the details of the certificate. Scroll down to find the "Basic Constraints" section and there you will see if you generated that certificate declaring yourself as a Certificate Authority (CA). If so, you have to generate your certificate again without that constraint (CA=false).

Answered By: jgarcias
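
The Basic Constraints check from the last answer can also be done on the command line before the certificate ever reaches the browser. The following is an added example, not part of any answer above: it assumes the OpenSSL CLI is installed, reuses the websocket.localhost host name from the question, and the function names make_cert and declares_ca are illustrative.

```shell
#!/bin/sh
# Added example; function and file names are illustrative.

# make_cert <dir> <TRUE|FALSE>: write a self-signed key and certificate for
# websocket.localhost whose Basic Constraints extension carries CA:<value>.
# A private config file is used so the system openssl.cnf cannot add CA:TRUE.
make_cert() {
    dir=$1 ca=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = websocket.localhost
[ext]
basicConstraints = critical, CA:$ca
subjectAltName = DNS:websocket.localhost
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/req.cnf" \
        -keyout "$dir/websocket.key" -out "$dir/websocket.crt" 2>/dev/null
}

# declares_ca <cert.pem>: exit 0 if the certificate says CA:TRUE,
# 1 if it does not, 2 if the file cannot be read or parsed.
declares_ca() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# Generate the server (CA:FALSE) certificate and verify it before using it.
out=$(mktemp -d) || exit 1
make_cert "$out" FALSE || exit 1
if declares_ca "$out/websocket.crt"; then
    echo "certificate is marked as a CA; regenerate it with CA:FALSE" >&2
    exit 1
fi
echo "server certificate written to $out/websocket.crt"
```

The generated websocket.crt and websocket.key are the two files the question's ssl_options would point at.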