How to make JCEF trust/accept a self-signed certificate?


Post by bluechips23 » Thu Feb 28, 2019 1:27 pm

I'm using JCEF to load an internal website which uses websockets. It creates a websocket connection to localhost which uses a self-signed certificate.

By default, I have settings.ignore_certificate_errors = false. As a result, I am getting SSL errors on my websocket connections to localhost. So I have a few questions:

1. Is it possible for JCEF to have settings.ignore_certificate_errors = true only for localhost and "false" for anything else?

2. Is it possible to make JCEF trust a self-signed certificate for certain URLs (i.e. localhost)?

3. The websocket connection request from the web page doesn't hit the RequestHandler's onCertificateError() method unless I manually enter the localhost URL in the address bar. Is it possible for the websocket connections from the webpage to trigger onCertificateError()?
bluechips23
Techie
 
Posts: 12
Joined: Tue Nov 11, 2014 10:58 am

Re: How to make JCEF trust/accept a self-signed certificate?

Post by ndesktop » Fri Mar 01, 2019 1:20 am

I don't think you can selectively use ignore_certificate_errors only for certain hosts.
Better would be to implement CefRequestHandler::OnCertificateError and use
- request_url to extract the host
- cert_error to see if it arrives on ERR_CERT_AUTHORITY_INVALID or so (although there are many different cert errors mapped to the same code, check in src/net/cert/* for MapSecurityError)
- possibly ssl_info for more info
You may return true + callback->Continue() from OnCertificateError for localhost, and return false (default) for anything else.

I never used this with local websockets, so it's just a "I'd do it this way".
ndesktop
Expert
 
Posts: 369
Joined: Thu Dec 03, 2015 10:10 am
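
The host and error-code check described in the reply above, as an added example that is not code from the thread or from JCEF. The class and method names are hypothetical, the sample URLs are constructed, and Java 9 or later is assumed; it uses only the JDK, so the handler wiring is left to the application.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Hypothetical policy class: override a certificate error for loopback hosts only.
public class LoopbackCertPolicy {
    // Chromium net error code for ERR_CERT_AUTHORITY_INVALID.
    static final int ERR_CERT_AUTHORITY_INVALID = -202;

    private static final Set<String> LOOPBACK = Set.of("localhost", "127.0.0.1", "::1");
    private static final Set<String> SCHEMES = Set.of("https", "wss");

    static boolean shouldAllow(String requestUrl, int certError) {
        // Only the error code named in the reply is overridden; any other
        // certificate error keeps the default (reject).
        if (certError != ERR_CERT_AUTHORITY_INVALID) return false;
        final URI uri;
        try {
            uri = new URI(requestUrl);
        } catch (URISyntaxException e) {
            return false; // unparsable URL: keep the default
        }
        String scheme = uri.getScheme();
        String host = uri.getHost(); // parsed host, never a substring match
        if (scheme == null || host == null) return false;
        if (!SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) return false;
        // URI.getHost() keeps the brackets around IPv6 literals.
        if (host.startsWith("[") && host.endsWith("]")) {
            host = host.substring(1, host.length() - 1);
        }
        return LOOPBACK.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String[] urls = { // constructed sample URLs
            "wss://localhost:8443/socket",         // loopback name
            "wss://[::1]:8443/",                   // IPv6 loopback literal
            "https://localhost.example.com/",      // "localhost" is only a label
            "https://localhost@example.com/",      // "localhost" is userinfo
            "https://example.com/?next=localhost", // "localhost" is in the query
        };
        for (String u : urls) {
            System.out.println(u + " -> " + shouldAllow(u, ERR_CERT_AUTHORITY_INVALID));
        }
        // A different certificate error code (-201) on a loopback host.
        System.out.println(shouldAllow("https://localhost/", -201));
    }
}
```

In the request handler's onCertificateError, the application would pass request_url and the numeric cert_error to shouldAllow and, as the reply describes, continue the callback and return true only when it returns true.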
