
nodejs - error self signed certificate in certificate chain

I am facing a problem with client side https requests.

A snippet can look like this:

    var fs = require('fs');
    var https = require('https');

    var options = {
        hostname: 'someHostName.com',
        port: 443,
        path: '/path',
        method: 'GET',
        key: fs.readFileSync('key.key'),         // client private key
        cert: fs.readFileSync('certificate.crt') // client certificate
    };

    var requestGet = https.request(options, function(res){
        console.log('resObj', res);
    });
    requestGet.end(); // send the request

What I get is Error: self signed certificate in certificate chain.

When I use Postman I can import the client certificate and key and use it without any problem. Is there any solution available? I would also like some light shed on how Postman handles the certificates and works.

asked Jul 13 '17 18:07 by kDoyle



1 Answer

Option 1: Disable the warning (useful for dev)

From your question I'm guessing you are doing this in development as you are using a self signed certificate for SSL communication.

If that's the case, add this as an environment variable wherever you are running node:

    export NODE_TLS_REJECT_UNAUTHORIZED='0'
    node app.js

or running node directly with

    NODE_TLS_REJECT_UNAUTHORIZED='0' node app.js

This instructs Node to allow untrusted certificates (untrusted = not verified by a certificate authority).

If you don't want to set an environment variable, or need to do this for multiple applications, npm has a strict-ssl config you can set to false:

    npm config set strict-ssl=false

Option 2: Load in CA cert, like postman (useful for testing with TLS)

If you have a CA cert already, like the poster @kDoyle mentioned, then you can configure it in each request (thanks @nic ferrier).

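    const fs = require('fs');
    const https = require('https');

    // `listener` is the local HTTPS server the request is sent to
    let opts = {
        method: 'GET',
        hostname: "localhost",
        port: listener.address().port,
        path: '/',
        ca: fs.readFileSync("cacert.pem") // CA certificate that signed the server's certificate
    };

    https.request(opts, (response) => { }).end();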

Option 3: Use a proper SSL Cert from a trusted source (useful for production)

letsencrypt.org is free, easy to set up and the keys can be automatically rotated. https://letsencrypt.org/docs/

answered Sep 20 '22 09:09 by Peter Grainger
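
Added example, not part of the original question or answer: Option 2 combined with the client key and certificate from the question, with server verification left on. The function names (`verificationDisabled`, `buildOptions`, `explain`, `get`) and the choice to refuse to connect when `NODE_TLS_REJECT_UNAUTHORIZED=0` is set are assumptions of this example.

```javascript
const https = require('https');
const tls = require('tls');

// err.code values Node reports when the chain ends in a CA it does not trust.
const UNTRUSTED_CHAIN = new Set([
  'SELF_SIGNED_CERT_IN_CHAIN',
  'DEPTH_ZERO_SELF_SIGNED_CERT',
  'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
]);

// True when verification has been switched off for the whole process (Option 1).
function verificationDisabled(env = process.env) {
  return env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
}

// Options for a mutual-TLS GET: client key/cert as in the question, plus the
// private CA appended to Node's bundled roots. Passing `ca` on its own replaces
// the bundled roots, so public CAs would stop being trusted by this request.
function buildOptions({ hostname, path, key, cert, privateCa }, env = process.env) {
  if (verificationDisabled(env)) {
    // Policy of this example: no client-certificate login to an unverified server.
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0 is set; refusing to connect');
  }
  return {
    hostname, port: 443, path, method: 'GET', key, cert,
    ca: [...tls.rootCertificates, privateCa],
    rejectUnauthorized: true, // stated explicitly rather than left to the default
  };
}

// Turn a request error into a message that names the fix for trust failures.
function explain(err) {
  return UNTRUSTED_CHAIN.has(err.code)
    ? `${err.code}: issuing CA is not trusted; pass its PEM via "ca" or NODE_EXTRA_CA_CERTS`
    : `${err.code || 'ERROR'}: ${err.message}`;
}

// Resolves with the HTTP status code, or rejects with an explained error.
function get(params) {
  return new Promise((resolve, reject) => {
    const req = https.request(buildOptions(params), (res) => {
      res.resume(); // discard the body
      res.on('end', () => resolve(res.statusCode));
    });
    req.on('error', (err) => reject(new Error(explain(err))));
    req.end();
  });
}
```

For a process-wide equivalent, starting Node with `NODE_EXTRA_CA_CERTS` pointing at the CA's PEM file adds it to the default trust list without touching each request.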