I am running an https server using a certificate which was created using a self-signed CA certificate.
Now I want to connect a Socket.io client to the Socket.io server that is attached to the https server. Unfortunately, I get an error, telling me:
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
    at SecurePair.<anonymous> (tls.js:1271:32)
    at SecurePair.EventEmitter.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:883:10)
    at CleartextStream.read [as _read] (tls.js:421:15)
    at CleartextStream.Readable.read (_stream_readable.js:293:10)
    at EncryptedStream.write [as _write] (tls.js:330:25)
    at doWrite (_stream_writable.js:211:10)
    at writeOrBuffer (_stream_writable.js:201:5)
    at EncryptedStream.Writable.write (_stream_writable.js:172:11)
    at write (_stream_readable.js:547:24)
    at flow (_stream_readable.js:556:7)
Basically, this error tells me that the certificate could not be verified successfully. This is due to the fact that the corresponding CA certificate is self-signed. When using an https request, I can specify CAs whom I trust.
How can I make Socket.io connect in this case?
PS: I am running Node.js 0.10.0 and Socket.io 0.9.13.
Don’t use self signed certificates. Just don’t, some browsers give you no way of accepting them when using WebSockets. And you look like a cheap d*ck for not buying a proper cert.
From They see me pollin, they hatin (p. 23). A presentation by Arnout Kazemier (3rdEden), core team member of Socket.IO.
Four years later, but for anyone finding this post like me: if you need to force the client socket to not reject a self-signed server cert, you need rejectUnauthorized: false,
as in
const socket = require('socket.io-client')('https://192.168.0.31', { transports: ['websocket'], rejectUnauthorized: false })
from https://github.com/socketio/engine.io-client#methods
Also, there is now a good source for free certs, so now you don't even have to be a "cheap d*ck": https://letsencrypt.org/
For socket.io 1.0 (not sure about 0.9), there are details of how to get the node client to connect to an invalid cert here: https://stackoverflow.com/a/24235426. (Thanks to @3rdEden's comment above.) I find that self-signed SSL certs can be convenient for development servers.
Check here on how to use self-signed certificates for Certificate Signing Request. You must specify the following to allow connections using self signed certificates:
- key: A string or Buffer containing the private key of the client in PEM format.
- cert: A string or Buffer containing the certificate key of the client in PEM format.
- ca: An array of strings or Buffers of trusted certificates. If this is omitted several well known "root" CAs will be used, like VeriSign. These are used to authorize connections.
To create a self-signed certificate with the CSR, do this:
openssl x509 -req -in ryans-csr.pem -signkey ryans-key.pem -out ryans-cert.pem
In the client the socket should be used as
var socket = io.connect('https://localhost', {secure: true});