Connections Fail Using Test Certificate

The SocketTools server components can use self-signed certificates to enable secure connections without requiring that you purchase and install a certificate from a Certificate Authority. These certificates are installed on the local host, and are typically used for testing purposes. However, when attempting to connect to the server using Chrome or Firefox, an error is returning specifying that the certificate is invalid.

More Information

After following the instructions to create a self-signed certificate, attempting to use that certificate with the SocketTools HttpServer component results in an error when using Chrome or Firefox. Chrome will report ERR_CERT_COMMON_NAME_INVALID and Firefox will report SEC_ERR_UNKNOWN_ISSUER. In the case of Chrome, this error occurs because they have deprecated the use of the common name field and the test certificate does not have a subjectAlternativeName field.

The workaround for this is to create a registry entry that tells Chrome it should accept locally-installed certificates with a matching host name. Copy the following registry script text to a file named ChromeCommonNames.reg and then double-click on the file in WIndows Explorer to add it to the registry:

Windows Registry Editor Version 5.00


With Firefox, the solution is to import the local test certificate. Open Firefox, select Options and scroll down to the bottom where you should see a View Certificates button. Click this, and it will open the Firefox Certificate Manager. Select the Servers tab, and then click Add Exception. Make sure you have your server running, and provide the URL to your server, such as https://localhost/ and click Get Certificate. Check the “Permanently store this exception” option and confirm the exception. This will add your test certificate to the list of trusted certificates and Firefox will permit the connection.

See Also

Creating A TLS Server Certificate
Local Connections Using Microsoft Edge