Firefox断开websockets连接以获取自签名证书 [英] Firefox disconnects websockets connection for a self signed certificate

问题描述

我正在尝试将Websocket连接到使用自签名证书的后端服务器.在firefox中，我为自签名证书添加了一个例外.

I am trying to make websocket connection to a backend server that uses a self-signed certificate. In firefox I've added an exception for the self-signed cert.

但是我的websocket连接wss://无法连接.我收到代码为1006的关闭事件，该事件可以捕获所有代码.

However my websocket connection wss:// fails to connect. I get a close event with code 1006 which is a catch all code.

Chrome和IE websockets可以正常工作.由于我使用的是Windows，因此我已经使用certmgr.exe作为受信任的证书安装了该证书.

Chrome and IE websockets work. Since I am using windows, I've installed the cert using certmgr.exe as a trusted cert.

我现在的猜测是firefox websocket不能与证书异常一起使用，并且需要被信任.

My guess right now is that firefox websockets do not work with certificate exceptions and need to be trusted.

这种情况对其他人有用吗?

Has this scenario worked for anyone else?

推荐答案

仅当站点的证书受信任时，Firefox才能与安全websocket(wss://)一起使用.

Firefox works with secure websockets (wss://) only when the certificate of the site is trusted.

使用自签名证书，我可以通过向证书添加例外来浏览站点.此异常不适用于websocket，并且在ssl握手期间断开了连接.

With a self-signed certificate I was able to browse the site by adding an exception to the certificate. The exception is not used for websockets and the connection was dropped during the ssl handshake.

相反，我创建了自己的Root CA证书，然后为Web服务器创建了另一个签名证书.在选项>查看证书>权威中，我导入了根证书.现在，firefox可以通过安全的websocket进行连接，而不会出现任何问题.

Instead I created my own Root CA cert and then another signed cert for the webserver. In Options > View Certificates > Authorities I imported the Root cert. Now firefox is able to connect over secure websockets without any issue.

Firefox不允许将自签名证书作为授权单位"导入. Windows证书管理器允许将自签名证书导入受信任的根证书颁发机构"列表.

Firefox does not allow for importing of self-signed certs as Authorities. Windows Certificate manager allows importing of self signed certs into the "Trusted Root Certificate Authorities" list.

这篇关于Firefox断开websockets连接以获取自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！