Secured WebSocket does not work in Chrome58

Question

I have upgraded my Chrome to 58 and found the secured WebSocket isn't working any more, the console shows (WebSocket connection to 'wss://127.0.0.1:1234/' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE), I know Google has deprecated the SHA1 certificate, so created a new self-signed certificate with SHA256, but it still doesn't work, so is the self-signed cert not allowed in this scenario? (I'm using "new WebSocket("wss://127.0.0.1:1234")")

Answer 1

Edit: Please see @Edgar's answer. subjectAltName seems to have become a requirement for self-signed certificates since Chrome 58.

It appears the OP has asked this problem to Google Help Community as well. The response from Google Help Community is:

"I see that you are using Chrome Beta which is an experimental version of Chrome in which new features are tested. I'd recommend to use Chrome Stable which has gotten the full testing and is the updated version. It is the best bet to avoid crashes and other issues."

For now, that should be marked as the correct answer. I just tested wss://localhost on Chrome 59 (Canary/Beta) and it's working.

Note, moving forward, this functionality is subject for removal due to Chromium issue #378566 due to the security implications. For those of us requiring wss:// in this fashion, we should receive deprecation warnings prior to removal. As of Chrome 59 (Canary/Beta), this deprecation is not present.

Answer 2

It turns out that the certificate should have a subjectAltName with "IP = 127.0.0.1" for my cert to work in Chrome58, not sure if it's a Chrome bug or new requirement