Socket.io + SSL + self-signed CA certificate gives error when connecting

后悔当初 2020-12-19 04:34

I am running an https server using a certificate which was created using a self-signed CA certificate.

Now I want to connect Socket.io client to the Socket.io server

4 answers
  • 2020-12-19 04:51

    For socket.io 1.0 (not sure about 0.9), there are details of how to get the node client to connect to an invalid cert here: https://stackoverflow.com/a/24235426. (Thanks to @3rdEden's comment above.) I find that self-signed SSL certs can be convenient for development servers.

    0 Discussion (0)
  • 2020-12-19 04:53

    Check here on how to use self-signed certificates for Certificate Signing Request. You must specify the following to allow connections using self-signed certificates:

    1. key: A string or Buffer containing the private key of the client in PEM format.
    2. cert: A string or Buffer containing the certificate key of the client in PEM format.
    3. ca: An array of strings or Buffers of trusted certificates. If this is omitted several well known "root" CAs will be used, like VeriSign. These are used to authorize connections.

    To create a self-signed certificate with the CSR, do this:

    openssl x509 -req -in ryans-csr.pem -signkey ryans-key.pem -out ryans-cert.pem
    

    In the client the socket should be used as

    var socket = io.connect('https://localhost', {secure: true});
    
    0 Discussion (0)
  • 2020-12-19 05:09

    Don’t use self signed certificates. Just don’t, some browsers give you no way of accepting them when using WebSockets. And you look like a cheap d*ck for not buying a proper cert.

    From They see me pollin, they hatin (p. 23). A presentation by Arnout Kazemier (3rdEden), core team member of Socket.IO.

    0 Discussion (0)
  • 2020-12-19 05:16

    Four years later, but for anyone finding this post like me: if you need to force the client socket to not reject a self-signed server cert, you need rejectUnauthorized: false, as in

    const socket = require('socket.io-client')('https://192.168.0.31', { transports: ['websocket'], rejectUnauthorized: false })

    from https://github.com/socketio/engine.io-client#methods

    Also, there is now a good source for free certs, so now you don't even have to be a "cheap d*ck": https://letsencrypt.org/

    0 Discussion (0)
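An added example (not from any of the answers above; shell with the `openssl` CLI): it builds a throwaway CA, signs a server certificate for `localhost` with it, and checks the chain with and without the CA file, which shows why a client that was never given the CA rejects the server. All file names and subject names are constructed for illustration.

```shell
#!/bin/sh
# Added example: private CA -> server certificate -> chain verification.
set -eu

# Create a throwaway CA in directory $1 and issue a server cert for localhost.
issue_dev_certs() {
  d=$1
  # 1. Self-signed CA certificate: the file clients have to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Dev CA" \
    -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null
  # 2. Server private key and certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$d/server-key.pem" -out "$d/server-csr.pem" 2>/dev/null
  # 3. The CA signs the CSR. The SAN must match the host in the client URL.
  printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$d/san.ext"
  openssl x509 -req -days 30 -in "$d/server-csr.pem" \
    -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
    -extfile "$d/san.ext" -out "$d/server-cert.pem" 2>/dev/null
}

# chain_ok CERT [CA_BUNDLE]: succeeds only if CERT chains to a trusted CA.
# Without CA_BUNDLE only the system trust store is consulted.
chain_ok() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
  else
    openssl verify "$1" 2>/dev/null | grep -q ': OK$'
  fi
}

demo() {
  tmp=$(mktemp -d)
  issue_dev_certs "$tmp"
  if chain_ok "$tmp/server-cert.pem"; then
    echo "system store only: trusted"
  else
    echo "system store only: rejected (the error the client reports)"
  fi
  if chain_ok "$tmp/server-cert.pem" "$tmp/ca-cert.pem"; then
    echo "with ca-cert.pem:  trusted"
  fi
  rm -rf "$tmp"
}

demo
```

Passing the contents of `ca-cert.pem` as the `ca` option listed in the second answer keeps certificate validation on, whereas `rejectUnauthorized: false` from the last answer turns it off for that connection.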