22

I am stuck with Firefox. I could not make WebSocket work on it. I use Tornado Websocket and I initialized it by code below:

app = Application([(r'/mypath/ws', WSHandler)])
http_server = HTTPServer(app, ssl_options={
                "certfile": "~/certs/websocket.crt",
                "keyfile": "~/certs/websocket.key"
            })
http_server.listen("443")

And I initialized it on Javascript side like this:

var WS = new WebSocket("wss://websocket.localhost/mypath/ws");

This code works fine on Chrome, meanwhile, I created the cert by myself and run the page under HTTPS. But Firefox keeps saying that:

Firefox can't establish a connection to the server at wss://websocket.localhost/mypath/ws.

I google it and found too many thoughts but none of'em worked for me :(

Any help will be appreciated.

Improve this question
4
  • 1
    you created the cert yourself... did you add it to your browser's trusted certificate list? Commented May 21, 2014 at 6:09
  • 1
    I should not add my own certificate manually to the browser because my clients won't do that. I have to find a permanent solution. Commented May 21, 2014 at 6:15
  • 2
    FatihKaratana Try what konghou said, if it works then you might have to buy a certificate from a trusted issuer. Commented May 21, 2014 at 6:30
  • network.http.http3.enable == true? Commented Feb 10 at 17:53

7 Answers 7

Reset to default
29

If it's a self-signed certificate, browsers won't show the dialog to accept the certificate if it's only used in a websocket.

You must first visit the requested URL to see and accept the certificate warning, and then you can create the secure websocket.

For example if your websocket url is: wss://localhost:44300/OpenWebSocket,

then visit: https://localhost:44300/OpenWebSocket, and accept the certificate warning.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

This should be the accepted answer as it explains in detail how to resolve.
Although should have been proposed as an edit to the answer it quoted.
In my case, I get a SSL_ERROR_RX_RECORD_TOO_LONG in Firefox. (Before, I got a NS_ERROR_NET_RESET.) So no certificate warning page shows up. Peculiarly, the websocket works via https and wss in chrome, yet Firefox won't work.
I created a follow up question: stackoverflow.com/questions/79825433/…
10

If it's a self-signed certificate, browsers won't show the dialog to accept the certificate if it's only used in a websocket. You must first visit a normal page on the same server to see and accept the certificate warning, and then you can create the secure websocket.

Improve this answer

1 Comment

It still doesn't work even if I go to the host (localhost) before connecting. bugzilla.mozilla.org/show_bug.cgi?id=1187666
4

I solved my problem via ProxyPass. I created a non-secure Websocket server with Tornado and run it on a specific port such as 3232:

app = Application([(r'/ws/', WSHandler)])
ws_server = HTTPServer(app)
ws_server.listen("3232")

Then I've written a proxypass in my Apache conf and use mod_proxy_wstunnel:

ProxyPass /ws/ ws://127.0.0.1:3232/ws/
ProxyPassReverse /ws/ ws://127.0.0.1:3232/ws/

And I create Websocket client on frontend like this:

var WS = new WebSocket("wss://websocket.localhost:81/ws/")

In this case I can create a connection on a secure connection with https and my port is 81 and my proxypass redirect any Websocket request to locally listened port 3232. It is not a exact solution mostly like a workaround. But it works fine for me.

Improve this answer

Comments

1

Try to open this url https://websocket.localhost/mypath/ws in firefox and accept certificate first.

Improve this answer

Comments

1

It happened to me that I created my self-signed certificate in a wrong way, leaving the Basic Constraint -> Certificate Authority = Yes.

You can check that by visiting about:preferences#privacy in firefox, then click on the View Certificates... button. You will see the list of your websites/web apps and their certificates on the Servers tab. Click on your server and then click on the View... button.

A new window/tab will open with the details of the certificate. Scroll down to find the "Basic Constraints" section and there you will see if you generated that certificate declaring yourself as a Certificate Authority (CA). If so, you have to generate your certificate again without that constraint (CA=false)

Improve this answer

1 Comment

After doing that, my web application run fine in HTTPS and my websocket server using WSS:// without needing any proxy or other tricks.
0

I've solved this problem adding a certificate exception in Firefox's advanced preferences.

Improve this answer

1 Comment

You might be solve the issue by that way, but i've got no chance to force my users to do that :( That is the key-point for me. That is why i found a way workaround.
0

I was pulling my hair out over this one for a while. I was getting all kinds of cryptic error messages depending on different web browsers, that all made it sound like it was something about certificate exceptions. I had already made exceptions in Firefox and Chrome,

It turned out I had a typo in my sub-protocol string in my Javascript!

Correcting the sub-protocol string made everything better. More information on WebSockets and using sub-protocol(s): https://developer.mozilla.org/en-US/docs/Web/API/WebSocket

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.