I'm getting following error while connecting to websocket's in safari, In remaining browsers it is working fine
Error:
WebSocket network error: OSStatus Error -9807: Invalid certificate chain
Code:
var websocket = new WebSocket("wss://localhost:44300/websocketHome", "Room_123")
I'm getting following error while connecting to websocket's in safari, In remaining browsers it is working fine
Error:
WebSocket network error: OSStatus Error -9807: Invalid certificate chain
Code:
var websocket = new WebSocket("wss://localhost:44300/websocketHome", "Room_123")
- 1 Are you using a self-signed certificate? – Cathy Commented Oct 19, 2016 at 4:34
- I met similar issue. only https + safari – paco alcacer Commented Dec 1, 2016 at 9:00
3 Answers
Reset to default 2The workaround is to enable NSURLSession Websocket in Settings > Safari > Advanced > Experimental Features > NSURLSession Websocket. Should work on iOS 13.4.1+.
Note this may not be suitable for production environments.
So I'm going to start this answer with a caveat: I'm not an expert in WebSockets, Browsers, Safari, or URLs. The reason I mention this is that I don't know why this solution works and I don't know why Safari behaves in the way that it does.
I spent a good couple of hours figuring out why my site wasn't working in Safari, but was working in every other browser. And it pisses me off, because I don't have time for this rubbish.
Essentially what you need to do is replace this:
var websocket = new WebSocket("wss://localhost:44300/websocketHome", "Room_123")
with this:
var websocket = new WebSocket("ws://localhost:44300/websocketHome", "Room_123")
But don't kick yourself yet, because you weren't imagining it when it worked in Chrome and Firefox. Safari seems to be the only browser enforcing the protocol part of the URL, i.e. "ws" instead of "wss" for localhost connections.
Basically I don't have time to research if Safari is following the standard properly or not, but it doesn't matter, because I'm going to chalk this up as yet another example of Safari(the Internet Explorer of 2017) unnecessarily breaking from the herd to make life difficult for web developers.
If Apple want to enforce standards that the other browsers don't, they're wele to do that, but they at least need to print useful errors, WebSocket network error: OSStatus Error -9807: Invalid certificate chain isn't good enough.
Edit
This will be obvious to most people, but for those who aren't professional developers, make sure you don't deploy this change to production. You want to be using the wss protocol for production, and that should work fine on Safari if you've got your certificates set up properly.
We ran into this error, secure WebSockets weren't working in newer versions of OSX under Safari and Chrome, with a LetsEncrypt certificate. The fix for us was to replace references to "cert.pem" with "fullchain.pem", as described in this link https://munity.letsencrypt/t/issues-on-mac-with-wss-osstatus-error-9807-invalid-certificate-chain/160930