If your web application page loads but you can't initialize with the FCSDK with the error ERR_INSECURE_RESPONSE, similar to the following:
Then it is likely you are making a secure Web Socket connection but the certificate provided by the server is not trusted by your client machine. The server in this situation could either be FAS or a HTTP reverse proxy between FAS and the client.
If either of the following points are true a certificate will not be trusted:
- The certificate provided by the server is not signed by a trusted Certificate Authority. In this situation you can add the certificate's root certificate (or the certificate itself in the case of self signed certificates) to the client's Truststore.
- The host specified in the Web Socket URL does not match that specified in the server's https certificate. This includes specifying an IP address for the web socket connection but the certificate CN containing the FQDN, or vice versa, the address must be an exact match.
In the case of the FCSDK sample application you need to ensure the host address in the externalGwURL specified in the csdksample-db.xml matches the host address in the certificate provided by the server, leaving the default value https:/gateway will also work. When developing your own application you need to set your urlSchemeDetails to match the host in the certificate, see the Developing FCSDK Guide for details.
Please see the FAS Administrator Guide for information on viewing and manipulating the FAS certificates.
Note: You will not see the error if you have previously made an exception of the provided certificate in the browser session. e.g. clicking Proceed Anyway when you see the following:
Firefox will add the certificate to it's trust store when you Add Exception, so the certificate will be trusted beyond the current browser session.
Comments
0 comments
Please sign in to leave a comment.