Menu
I've been using https://github.com/mikeal/request to make calls to a REST API
When I make a GET request over HTTPS with { strictSSL: false } specified in the options. I get the response I'm after and all is fine.
However, If I make a POST request also with strictSSL specified I receive an error SELF_SIGNED_CERT_IN_CHAIN
Here an example of what I've been using:
request.post({url: url, headers: headers, strictSSL: false}, function (err, response, body) {
});
Does any body know why it works for GET requests and no POST
660
The error SELF_SIGNED_CERT_IN_CHAIN means that you have self signed certificate in certificate chain which is basically not trusted by the system.
This warning is actually a good thing, because this scenario might also rise due to a man-in-the-middle attack. To solve this, you'll need to install it as a trusted server. If it's signed by a non-trusted CA, you'll have to install that CA's certificate as well.
The easiest solution to resolve these errors is to use the “rejectUnauthorized” option shown below. However, this method is unsafe because it disables the server certificate verification, making the Node app open to MITM attack.
A self-signed certificate is an SSL certificate not signed by a publicly trusted certificate authority (CA) but by one's own private key. The certificate is not validated by a third party and is generally used in low-risk internal networks or in the software development phase.
One option that is useful when using self signed certs is to set the following environment variable:
export NODE_TLS_REJECT_UNAUTHORIZED=0
163
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
