Our company has built an application that is currently used by many banks. Recently, we have updated the application to change from a thick client to a thin client using … (read more)
Our company has built an application that is currently used by many banks. Recently, we have updated the application to change from a thick client to a thin client using web browsers. The web based client communicates via SignalR to a local windows service that gets installed in order to talk with a check scanner. The web application is served as an HTTPS web site and the local window service which uses SignalR also runs via HTTPS. When the local windows service is installed, a self-signed certificate is generated and installed on the local computer.
When the web client is run on a Mozilla Firefox web browser, a security exception must be manually added for the localhost URL of the SignalR service. The problem is that in the Add Security Exception dialog, the following text is displayed by Firefox: “You are about to override how Firefox identifies this site. Legitimate banks, stores, and other public sites will not ask you to do this.” Since our applications are used and hosted by banks, this message is not true in our case.
We cannot install a unique signed certificate for every client, which is why we generate a self-signed certificate. We cannot host the local windows service running as just under HTTP, because then the web client cannot communicate with the local windows service due to mixed content security violation. We know the shield in address box on Firefox can disable the protection, but this would have to be done every time.
Is there an alternative to the text in the Add Security Exception from being displayed? Or do you have another suggestion on how to get around this issue? Or can the text in the Add Security Exception dialog box be modified?