1

I have a windows desktop application which need to be communicated with our web page.So I've created a local server which runs on a port.I'm creating a socket from my webpage to the desktop application and the communication happens though that socket.

As my webpage runs on HTTPS, I need to create a secure socket ('wss'). SO I generated a self signed certificate for Ip 127.0.0.1 using openssl and I imported the certificate to windows trusted cerificate store.Now google chrome accepts it as a trusted certificate but the firefox rejects that certificate with the error Error code: SEC_ERROR_UNKNOWN_ISSUER .

We cant buy a SSL certificate for localhost domain from a CA. Is there any solution to overcome this problem? Is there any way to skip SSL check for socket creation?

How can I create a certificate which will be accepted by all the browsers as a trusted certificate?

Eugène Adell
  • 3,089
  • 2
  • 18
  • 34
VBC
  • 161
  • 1
  • 3
  • 15

2 Answers2

3

Firefox can use the desktop store by setting this key to TRUE : security.enterprise_roots.enabled

To change this, open about:config with your Firefox and look for this key.

If you want to change this automatically for several desktops, have a look at this tutorial which is well done.

Eugène Adell
  • 3,089
  • 2
  • 18
  • 34
2

The other answer from Eugène Adell is good, but if you are on Linux, a policy file is required to trust the OS certificate authority.

Create a file "policies.json" in the "distribution" directory of the Firefox install location, and point it to the certificate file:

{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true,
      "Install": ["localhost.crt","/path/to/cert/file"]
    }
  }
}

https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox
https://github.com/mozilla/policy-templates/blob/master/README.md#certificates--install

This Q&A on a similar question may have some more information:
https://stackoverflow.com/a/74802552/2657515

JonathanDavidArndt
  • 2,518
  • 13
  • 37
  • 49