I am facing a problem with client side https requests.
A snippet can look like this:
    var fs = require('fs');
    var https = require('https');

    var options = {
        hostname: 'someHostName.com',
        port: 443,
        path: '/path',
        method: 'GET',
        // client key and certificate presented to the server
        key: fs.readFileSync('key.key'),
        cert: fs.readFileSync('certificate.crt')
    };

    var requestGet = https.request(options, function (res) {
        console.log('resObj', res);
    });
    // finish the request so it is actually sent
    requestGet.end();
What I get is Error: self signed certificate in certificate chain.
When I use Postman I can import the client certificate and key and use it without any problem. Is there any solution available? I would also like some light shed on how Postman handles the certificates and works.
The easiest way to resolve these errors is to use the “rejectUnauthorized” option. However, this method is unsafe because it disables server certificate verification, leaving the Node app open to man-in-the-middle (MITM) attacks.
In cryptography and computer security, self-signed certificates are public key certificates that their users issue on their own behalf, as opposed to a certificate authority (CA) issuing them. These certificates are easy to make and do not cost money. However, they do not provide any trust value.
process.env.NODE_EXTRA_CA_CERTS: process stores information about the running Node process, and env stores all the environment variables (which get populated by dotenv-webpack).
From your question I'm guessing you are doing this in development as you are using a self signed certificate for SSL communication.
If that's the case, add as an environment variable wherever you are running node
    export NODE_TLS_REJECT_UNAUTHORIZED='0'
    node app.js
or running node directly with
    NODE_TLS_REJECT_UNAUTHORIZED='0' node app.js
This instructs Node to allow untrusted certificates (untrusted = not verified by a certificate authority).
If you don't want to set an environment variable or need to do this for multiple applications, npm has a strict-ssl config you can set to false:
    npm config set strict-ssl=false
If you have a CA cert already like the poster @kDoyle mentioned then you can configure in each request (thanks @nic ferrier).
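    const fs = require('fs');
    const https = require('https');

    // `listener` is an HTTPS server that is already listening locally
    let opts = {
        method: 'GET',
        hostname: "localhost",
        port: listener.address().port,
        path: '/',
        // CA certificate that signed the server's certificate
        ca: fs.readFileSync("cacert.pem")
    };
    https.request(opts, (response) => { }).end();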
letsencrypt.org is free, easy to set up and the keys can be automatically rotated. https://letsencrypt.org/docs/
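The two approaches above side by side, as an added example that is not part of the original question or answer: one function flags the settings that switch verification off, the other builds request options that trust a private CA while keeping verification on. The function names and the placeholder PEM are assumptions made for illustration.

```javascript
const tls = require('tls');

// Lists every setting that disables server certificate verification.
function findVerificationBypasses(env, requestOptions) {
  const findings = [];
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0 disables verification process-wide');
  }
  if (requestOptions && requestOptions.rejectUnauthorized === false) {
    findings.push('rejectUnauthorized: false disables verification for this request');
  }
  return findings;
}

// Builds https.request options for a server whose chain ends in a private CA.
// Passing `ca` replaces Node's default trust store, so the bundled roots are
// appended to keep publicly issued certificates verifiable too.
function buildRequestOptions({ hostname, path, key, cert, privateCaPem }) {
  if (!/-----BEGIN CERTIFICATE-----/.test(String(privateCaPem))) {
    throw new TypeError('privateCaPem must be a PEM-encoded CA certificate');
  }
  return {
    hostname,
    port: 443,
    path,
    method: 'GET',
    key,   // client key and certificate, as in the question
    cert,
    ca: [String(privateCaPem), ...tls.rootCertificates],
    rejectUnauthorized: true,
  };
}

// Constructed sample values: placeholders, not real key material.
const SAMPLE_CA =
  '-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n';
const sampleOptions = buildRequestOptions({
  hostname: 'someHostName.com',
  path: '/path',
  key: 'constructed-key',
  cert: 'constructed-cert',
  privateCaPem: SAMPLE_CA,
});

console.log(findVerificationBypasses({ NODE_TLS_REJECT_UNAUTHORIZED: '0' },
                                     { rejectUnauthorized: false }));
console.log(findVerificationBypasses(process.env, sampleOptions));
```

In real use the key, certificate and CA values come from fs.readFileSync, as in the snippets above. Setting NODE_EXTRA_CA_CERTS to the CA file is the process-wide alternative, and it adds to the default roots instead of replacing them.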