Socket.io (Browser to NodeJS) self-signed CA no connection with HTTP, internal server

Question

I'm trying to connect from a website to a NodeJS-Server, using socket.io. Both are hosted on the same machine in the local network.

The encryption of the data is crutial because some of the data are very sensitive.

So I implemented a self-signed SSL cert for this website and set up the sockets to use it as well. It works fine, the only problem is that Chrome is telling that the website is not secure (because it's not an official certificate). So I re-enabled HTTP connection for that website while still using the SSL encryption for the socket connection.

This also works fine, but only if the user first visited the HTTPS website and accepted the certificate.

Manually accepting the certificate, installing it or ignoring the "Not Secure" warning of the browser are no accepteable solutions (enterprise application).

Is there a way for the sockets to automatically accept the certificate? Any other solutions are also welcome, it hasn't to be SSL, the traffic (sockets are enough) only has to be encrypted.

Frontend Code:

socketSSL = io.connect('https://192.168.178.10:14444');

NodeJS Code:

var https = require('https');
var express = require('express');
var app = express();
var options = { key: privateKey, cert: certificate };
server = https.createServer(options, app);
server.listen(dstPort);

Answer 1

On a webbrowser you cannot automatically bypass the security check for a self-signed-cert.

If you need to secure the data then just use "aes-256" encryption and decryption between sender and receiver.

But either way the crypt key will be exposed on network.

Thus if it is for dev/debug purpose then its alright. But if your going to production environment then it is highly recommended to have a valid Certificate signed by a valid CA.