2

I have developed a java application that uses a Signature Pad to capture biometric signatures. The Pad is plugged to the Client computers so i need to run the java controller on each local machines. To do that we run a JAR that contains a Jetty server. We use websockets protocol to start the signature process from the browser and to send data to the Jetty server.

The problem: We need to create a certificate for the websocket secure connection and this certificate must be emitted for 127.0.0.1 since the Jetty server is running on the Client local machines.

If I create a self-signed certificate the solution works fine but some browsers, for example Firefox, does not allow self-signed certs as trusted certs and I doubt that a CA issues a certificate for 127.0.0.1.

So, what would be the best solution? Keep using the self signed cert? Is there any other way?

Marco A. Hernandez
  • 791
  • 4
  • 15
  • Why 127.0.0.1? A web browser on an external device (Signature Pad) plugged in to the computer will not be able to connect to the client computer using this address. – mjn Jun 08 '16 at 09:21
  • The web browser isn't on the Signature Pad. The browser send data to the Jetty server (both in Client computer) vía websocket and java controller deals with the Signature Pad. The Pad isn't important here, the problem is in the call between de browser and Jetty in the same machine. – Marco A. Hernandez Jun 08 '16 at 09:42
  • Possible duplicate of http://stackoverflow.com/questions/26037462/how-can-i-establish-a-secure-connection-to-a-websocket-on-localhost – mjn Jun 08 '16 at 09:52

1 Answers1

1

If you have admin privileges on the POS terminals, how about adding a line to the HOSTS file like:

127.0.0.1 localhost.mycompany.com

Now you can use a real certificate for localhost.mycompany.com in the server application.

(From How can I establish a secure connection to a websocket on localhost?)

Community
  • 1
  • 1
mjn
  • 36,362
  • 28
  • 176
  • 378