Can not established Websocket secure connection on Firefox

Question

I am stuck with Firefox. I could not make WebSocket work on it. I use Tornado Websocket and I initialized it by code below:

app = Application([(r'/mypath/ws', WSHandler)])
http_server = HTTPServer(app, ssl_options={
                "certfile": "~/certs/websocket.crt",
                "keyfile": "~/certs/websocket.key"
            })
http_server.listen("443")

And I initialized it on Javascript side like this:

var WS = new WebSocket("wss://websocket.localhost/mypath/ws");

This code works fine on Chrome, meanwhile, I created the cert by myself and run the page under HTTPS. But Firefox keeps saying that:

Firefox can't establish a connection to the server at wss://websocket.localhost/mypath/ws.

I google it and found too many thoughts but none of'em worked for me :(

Any help will be appreciated.

Answer 1

If it's a self-signed certificate, browsers won't show the dialog to accept the certificate if it's only used in a websocket.
You must first visit the requested url to see and accept the certificate warning, and then you can create the secure websocket.

For example if your websocket url is:
wss://localhost:44300/OpenWebSocket
then visit:
https://localhost:44300/OpenWebSocket
and accept the certificate warning

Answer 2

If it's a self-signed certificate, browsers won't show the dialog to accept the certificate if it's only used in a websocket. You must first visit a normal page on the same server to see and accept the certificate warning, and then you can create the secure websocket.

Answer 3

I solved my problem via ProxyPass. I created a non-secure Websocket server with Tornado and run it on a specific port such as 3232:

app = Application([(r'/ws/', WSHandler)])
ws_server = HTTPServer(app)
ws_server.listen("3232")

Then I've written a proxypass in my Apache conf and use mod_proxy_wstunnel:

ProxyPass /ws/ ws://127.0.0.1:3232/ws/
ProxyPassReverse /ws/ ws://127.0.0.1:3232/ws/

And I create Websocket client on frontend like this:

var WS = new WebSocket("wss://websocket.localhost:81/ws/")

In this case I can create a connection on a secure connection with https and my port is 81 and my proxypass redirect any Websocket request to locally listened port 3232. It is not a exact solution mostly like a workaround. But it works fine for me.

Answer 4

Try to open this url https://websocket.localhost/mypath/ws in firefox and accept certificate first.

Answer 5

I've solved this problem adding a certificate exception in Firefox's advanced preferences.

Answer 6

It happened to me that I created my self-signed certificate in a wrong way, leaving the Basic Constraint -> Certificate Authority = Yes.

You can check that by visiting about:preferences#privacy in firefox, then click on the View Certificates... button. You will see the list of your websites/web apps and their certificates on the Servers tab. Click on your server and then click on the View... button.

A new window/tab will open with the details of the certificate. Scroll down to find the "Basic Constraints" section and there you will see if you generated that certificate declaring yourself as a Certificate Authority (CA). If so, you have to generate your certificate again without that constraint (CA=false)

Answer 7

I was pulling my hair out over this one for a while. I was getting all kinds of cryptic error messages depending on different web browsers, that all made it sound like it was something about certificate exceptions. I had already made exceptions in Firefox and Chrome,

It turned out I had a typo in my sub-protocol string in my Javascript!

Correcting the sub-protocol string made everything better. More information on WebSockets and using sub-protocol(s): https://developer.mozilla.org/en-US/docs/Web/API/WebSocket