我要发送AJAX请求到使用自签名证书的REST API的网站。 问题是，当我第一次访问该网站则抱怨此证书的问题。当我做一个AJAX请求（不首先接受该证书），它静静地失败。

I'm trying to send AJAX requests to the REST API website that uses self-signed certificate. The problem is that when I first visit that website it is complaining about this certificate issue. When I do an AJAX request (without accepting this certificate first) it fails silently.

现在的问题是怎么做在这种情况下？我应该要求用户去这个网站，并接受此证书？有没有办法做，在优雅的方式？我知道这个证书应该已经摆在首位签约，但我没有访问到该网站。使用http不是一个选项。

The question is what to do in this case? Should I ask the user to go to this website and accept this certificate? Is there a way to do that in elegant way? I know that this certificate should have been signed in the first place, but I don't have an access to that website. Using http is not an option.

推荐答案

我有同样的问题多次。我能想出的最好成绩是这样的：检查是否有一个cookie，如果他们有它，什么也不做，如果他们没有它，发出重新定向到生成证书警告的网站，用户接受的自-signed证书，然后用户只需要回到你的网站。如果你有过API端的任何控制，你很可能让这个你有一个反弹的URL或东西，最终让用户返回到您的网站。真的是没有优雅的方式来处理这短短刚开一个真正的SSL证书的。在其他网站，我们最后不得不把一个纽带，以服务我们的页面这个原因，好在这只是暂时的，因为我们有在服务器端得控制，并计划与一个真实的替换自签名证​​书

I have had this same problem several times. The best I could come up with was something like this: check for a cookie, if they have it, do nothing, if they do not have it, issue a re-direct to the site that generates the cert warning, user accepts the self-signed cert, then the user just needs to go back to your site. If you had any control over the api side, you could probably make it so that you have a bounce back url or something that ends up getting the user back to your site. There really is no elegant way to handle this short of just getting a real SSL cert. On another site, we ended up having to put a link to the service on our page for this very reason, fortunately it was temporary as we had control over the server side too, and planned on replacing the self-signed cert with a real one.