Reputation: 2227
WebSocket network error: OSStatus Error -9807: Invalid certificate chain
I'm getting following error while connecting to websocket's in safari, In remaining browsers it is working fine
Error:
WebSocket network error: OSStatus Error -9807: Invalid certificate chain
Code:
var websocket = new WebSocket("wss://localhost:44300/websocketHome", "Room_123")
Upvotes: 9
Views: 9684
Answers (3)
Reputation: 141
We ran into this error, secure WebSockets weren't working in newer versions of OSX under Safari and Chrome, with a LetsEncrypt certificate. The fix for us was to replace references to "cert.pem" with "fullchain.pem", as described in this link https://community.letsencrypt.org/t/issues-on-mac-with-wss-osstatus-error-9807-invalid-certificate-chain/160930
Upvotes: 0
Reputation: 203
The workaround is to enable NSURLSession Websocket in Settings > Safari > Advanced > Experimental Features > NSURLSession Websocket. Should work on iOS 13.4.1+.
Note this may not be suitable for production environments.
Upvotes: 2
Reputation: 440
So I'm going to start this answer with a caveat: I'm not an expert in WebSockets, Browsers, Safari, or URLs. The reason I mention this is that I don't know why this solution works and I don't know why Safari behaves in the way that it does.
I spent a good couple of hours figuring out why my site wasn't working in Safari, but was working in every other browser. And it pisses me off, because I don't have time for this rubbish.
Essentially what you need to do is replace this:
var websocket = new WebSocket("wss://localhost:44300/websocketHome", "Room_123")
with this:
var websocket = new WebSocket("ws://localhost:44300/websocketHome", "Room_123")
But don't kick yourself yet, because you weren't imagining it when it worked in Chrome and Firefox. Safari seems to be the only browser enforcing the protocol part of the URL, i.e. "ws" instead of "wss" for localhost connections.
Basically I don't have time to research if Safari is following the standard properly or not, but it doesn't matter, because I'm going to chalk this up as yet another example of Safari(the Internet Explorer of 2017) unnecessarily breaking from the herd to make life difficult for web developers.
If Apple want to enforce standards that the other browsers don't, they're welcome to do that, but they at least need to print useful errors, WebSocket network error: OSStatus Error -9807: Invalid certificate chain isn't good enough.
Edit
This will be obvious to most people, but for those who aren't professional developers, make sure you don't deploy this change to production. You want to be using the wss protocol for production, and that should work fine on Safari if you've got your certificates set up properly.
Upvotes: 1
Related Questions
- Node.js Port 3000 already in use but it actually isn't?
- React Native Web sockets. Getting 1006, OSStatus error -9807
- Java TooTallNate Secure Websocket Server on FireTV with Lets Encrypt Certificate: Handshake / Chain Error
- Socket io and Safari Error -9807
- WebSocket connection to 'wss://localhost:44300/Home/websocketcon' failed: Error during WebSocket handshake: Unexpected response code: 404
- Websocket certificate for local network
- catch error thrown by Safari using javascript
- Safari 6.0.4 refuses to use websocket with socket.io (error 9843