{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《Secure websocket with localhost certificate》','https://www.manongdao.com/q-547123.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We use a secure connection (HTTPS) for our site, and we need the client to communicate with a program running in background (made with Qt), which the user installed previously. We intended to do that using websockets, using a certificate signed by the company. The CA is installed in Windows and Mozilla databases.
Since the websocket runs on the client side, and the websocket server also runs on the client's machine, the connection is perfromed on localhost. Also, because we use HTTPS, we must also use WSS. We chose port 2424.
The problem is, Chrome, Firefox and IE consider the connection to be untrusted because it is on localhost (I think). If I open a new tab on https://127.0.0.1:2424, an error message appears; the browsers say the certificate is only valid on localhost, and that this could mean that someone may be trying to intercept data sent to the server (Firefox error code: ssl_error_bad_cert_domain).
The problem was that the certificate was issued to
localhost, not127.0.0.1. The websocket connected using the IP, not covered by the certificate, so changing the socket address fromwss://127.0.0.1:2424towss://localhost:2424worked, at least for Chrome and IE, but the connection is still refused in Firefox.