Hi, I use client certificates to access reverse-proxied services which include websockets. Unfortunately the websocket connections fail because the applications don’t understand that they have to provide a client certificate.
Can I make the websocket not require a certificate but have everything else do?
I might be wrong, but I don’t think that’s possible. Websockets work on the same ports as HTTP(S), and are compatible with it. I don’t think you can even determine whether an incoming connection will be used as a websocket prior to TLS negotiation, which would be necessary in order to disable a client certificate requirement (which is handled during TLS negotiation). You’d need to put your websockets on a different listener (either hostname or port, perhaps), but if it’s going straight to a reverse proxy, you’d just lose your security since a client can just connect to the unauthenticated listener.
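
An added example (not part of the original posts) for the point in the answer above: a small Python parser run over a constructed ClientHello, showing the routing hints a server has in hand when it decides during the handshake whether to request a client certificate. The hostnames and function names are assumptions made for illustration.

```python
import struct

def build_client_hello(hostname, alpn):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    name = hostname.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # type host_name
    sni = struct.pack("!H", len(entry)) + entry
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_ext = struct.pack("!H", len(protos)) + protos
    exts = b"".join(struct.pack("!HH", t, len(d)) + d
                    for t, d in ((0x0000, sni), (0x0010, alpn_ext)))
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def visible_before_auth(record):
    """Return the routing hints a server has when it must decide on a cert request."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 5 + 4 + 2 + 32                                   # headers, version, random
    pos += 1 + record[pos]                                 # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher suites
    pos += 1 + record[pos]                                 # compression methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    seen = {"sni": None, "alpn": []}
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + length]
        pos += 4 + length
        if ext_type == 0x0000:                             # server_name
            n = int.from_bytes(data[3:5], "big")
            seen["sni"] = data[5:5 + n].decode()
        elif ext_type == 0x0010:                           # ALPN protocol list
            i = 2
            while i < len(data):
                seen["alpn"].append(data[i + 1:i + 1 + data[i]].decode())
                i += 1 + data[i]
    return seen

# Constructed hostnames. A page load and a wss:// client on the same host look alike:
# "Upgrade: websocket" is an HTTP header, sent only after the handshake completes.
page = visible_before_auth(build_client_hello("app.example.test", ["http/1.1"]))
ws = visible_before_auth(build_client_hello("app.example.test", ["http/1.1"]))
# Only a separate listener name (or port) is distinguishable this early.
split = visible_before_auth(build_client_hello("ws.example.test", ["http/1.1"]))
print(page == ws, page, split["sni"])
```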