AJAX and self-signed certificate

Published 2019-06-06 16:26

Question:

I'm trying to send AJAX requests to a REST API website that uses a self-signed certificate. The problem is that when I first visit that website, it complains about this certificate issue. When I do an AJAX request (without accepting this certificate first), it fails silently.

The question is what to do in this case? Should I ask the user to go to this website and accept this certificate? Is there a way to do that in an elegant way? I know that this certificate should have been signed in the first place, but I don't have access to that website. Using http is not an option.

Answer 1:

I have had this same problem several times. The best I could come up with was something like this: check for a cookie; if they have it, do nothing; if they do not have it, issue a redirect to the site that generates the cert warning, the user accepts the self-signed cert, and then the user just needs to go back to your site. If you had any control over the API side, you could probably make it so that you have a bounce-back URL or something that ends up getting the user back to your site. There really is no elegant way to handle this short of just getting a real SSL cert. On another site, we ended up having to put a link to the service on our page for this very reason. Fortunately, it was temporary, as we had control over the server side too and planned on replacing the self-signed cert with a real one.
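
The flow described in the answer above, as an added example that is not part of the original answer: it turns the silent AJAX failure into an explicit prompt and leaves the trust decision to the browser's own certificate warning. `API_ORIGIN`, `ACCEPTED_FLAG`, the function names and the `store` object (anything with `get`/`set`/`delete`, standing in for the cookie) are assumptions.

```javascript
// Added example. API_ORIGIN and ACCEPTED_FLAG are placeholder names.
const API_ORIGIN = "https://api.example.test";
const ACCEPTED_FLAG = "apiCertAccepted";

// Script never sees *why* the request failed: an untrusted certificate
// surfaces only as fetch() rejecting with a TypeError, exactly like a
// CORS rejection or any other network error.
async function probeApi(fetchImpl, origin) {
  try {
    const res = await fetchImpl(origin + "/", { mode: "cors" });
    return { ok: true, status: res.status };
  } catch (err) {
    return { ok: false, reason: err instanceof TypeError ? "network-cors-or-tls" : "other" };
  }
}

// Pure decision step: marker present or probe succeeded -> nothing to do;
// otherwise show a link so the user makes the trust decision on the
// browser's own certificate warning page.
function nextAction(hasMarker, probe, origin) {
  if (hasMarker || (probe && probe.ok)) return { action: "none" };
  return {
    action: "show-link",
    href: origin + "/",
    message: "The API could not be reached. Open it in a new tab, review " +
             "the certificate warning, then come back and retry.",
  };
}

// store needs get/set/delete (a Map here; a cookie or localStorage
// wrapper in a real page).
async function checkApiTrust(fetchImpl, store, origin = API_ORIGIN) {
  if (store.get(ACCEPTED_FLAG) === "1") return nextAction(true, null, origin);
  const probe = await probeApi(fetchImpl, origin);
  if (probe.ok) store.set(ACCEPTED_FLAG, "1");
  return nextAction(false, probe, origin);
}

// The marker is only a hint: clear it when a later request fails, so a
// replaced or expired certificate is noticed instead of failing silently.
function onRequestFailed(store) {
  store.delete(ACCEPTED_FLAG);
}
```

In a page, pass `window.fetch.bind(window)` as `fetchImpl` and render the returned `href` as an ordinary link when `action` is `"show-link"`.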



Answer 2:

This is security doing its job. It may not be doing a good job as far as handling what the user is supposed to do, but you really should sign your certificate with a valid CA instead.