
How to make JCEF trust/accept a self-signed certificate?

Posted: Thu Feb 28, 2019 1:27 pm
by bluechips23
I'm using JCEF to load an internal website which uses websockets. It creates a websocket connection to localhost which uses a self-signed certificate.

By default, I have settings.ignore_certificate_errors = false. As a result, I am getting SSL errors on my websocket connections to localhost. So I have a few questions:

1. Is it possible for JCEF to have settings.ignore_certificate_errors = true only for localhost and "false" for anything else?

2. Is it possible to make JCEF trust a self-signed certificate for certain URLs (i.e. localhost)?

3. The websocket connection request from the web page doesn't hit the RequestHandler's onCertificateError() method unless I manually enter the localhost URL in the address bar. Is it possible for the websocket connections from the webpage to trigger onCertificateError()?

Re: How to make JCEF trust/accept a self-signed certificate?

Posted: Fri Mar 01, 2019 1:20 am
by ndesktop
I don't think you can selectively use ignore_certificate_errors only for certain hosts.
Better would be to implement CefRequestHandler::OnCertificateError and use
- request_url to extract the host
- cert_error to see if it arrives on ERR_CERT_AUTHORITY_INVALID or so (although there are many different cert errors mapped to the same code, check in src/net/cert/* for MapSecurityError)
- possibly ssl_info for more info
You may return true + callback->Continue() from OnCertificateError for localhost, and return false (default) for anything else.

I never used this with local websockets, so it's just a "I'd do it this way".
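
The host and error check suggested in the reply above, written as an added example that is not part of the original thread and is not JCEF's own code. It covers only the allow/reject decision an onCertificateError override would make; the class name, the port 8443 and passing cert_error by its enum name are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/** Decision helper for an onCertificateError override (hypothetical class name). */
public final class LocalCertException {
    // Assumed values: narrow these to the one local endpoint using the self-signed certificate.
    private static final Set<String> LOOPBACK_HOSTS = Set.of("localhost", "127.0.0.1", "[::1]");
    private static final Set<String> SCHEMES = Set.of("https", "wss");
    private static final int EXPECTED_PORT = 8443; // constructed sample port
    private static final String ALLOWED_ERROR = "ERR_CERT_AUTHORITY_INVALID";

    /**
     * requestUrl is the request_url argument; certErrorName is cert_error.name().
     * Returns true only for the exact loopback endpoint failing with the expected error.
     * The handler then continues the request via the callback and returns true;
     * in every other case it returns false so the default rejection applies.
     */
    public static boolean isTrustedLocalException(String requestUrl, String certErrorName) {
        if (requestUrl == null || !ALLOWED_ERROR.equals(certErrorName)) {
            return false; // date, name-mismatch and other certificate errors are never waived
        }
        final URI uri;
        try {
            uri = new URI(requestUrl);
        } catch (URISyntaxException e) {
            return false; // unparseable URL: keep the default (reject)
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || uri.getUserInfo() != null) {
            return false; // also rejects URLs carrying a user-info part before the host
        }
        // Exact match on the parsed host: a substring or prefix test on the raw URL
        // would also accept names that merely start with "localhost".
        return SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))
                && LOOPBACK_HOSTS.contains(host.toLowerCase(Locale.ROOT))
                && uri.getPort() == EXPECTED_PORT;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(isTrustedLocalException("wss://localhost:8443/socket", ALLOWED_ERROR));
        System.out.println(isTrustedLocalException("https://localhost.internal.example:8443/", ALLOWED_ERROR));
        System.out.println(isTrustedLocalException("https://localhost:8443/", "ERR_CERT_DATE_INVALID"));
    }
}
```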