Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Nodejs https request UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Tags:

node.js

https

ssl

OS: debian sid

Nodejs: v0.10.38

I have a request to a private service that use authentication:

var https = require('https');

var options = {
    host: 'private.service.com',
    path: '/accounts/' + '123323' + '/orders',
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Content-Length': 0,
        'Authorization': 'Bearer ' + 'asdsdgcvxcvxcv'
    }
};

var request = https.request(options, function (res) {
    console.log(res);
});

When i run the script, node throws this error:

events.js:72
    throw er; // Unhandled 'error' event
          ^
Error: UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    at SecurePair.<anonymous> (tls.js:1381:32)
    at SecurePair.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:980:10)
    at CleartextStream.read [as _read] (tls.js:472:13)
    at CleartextStream.Readable.read (_stream_readable.js:341:10)
    at EncryptedStream.write [as _write] (tls.js:369:25)
    at doWrite (_stream_writable.js:226:10)
    at writeOrBuffer (_stream_writable.js:216:5)
    at EncryptedStream.Writable.write (_stream_writable.js:183:11)
    at write (_stream_readable.js:602:24)

The same exact script worked well for months, and i'm sure the authentication is correct. Today is the first time i have this situation.

Which can be the cause for this error?

like image 783
pietrovismara Avatar asked Jun 04 '15 18:06

pietrovismara


People also ask

What does Unable_to_get_issuer_cert_locally mean?

code UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This error means that there's a TLS certificate in the chain that is signed by an unknown certificate authority (CA). Presumably, this is the certificate used by one's HTTPS proxy. The solution is to configure the cafile value: $ npm config set cafile /path/to/your/file.pem.

What is Node_extra_ca_certs?

NODE_EXTRA_CA_CERTS. From Node version 7.3. 0, NODE_EXTRA_CA_CERTS environment variable is introduced to pass in a CA certificate file. This allows the “root” CAs to be extended with the extra certificates in the file. The file should consist of one or more trusted certificates in PEM format.

What is rejectUnauthorized?

rejectUnauthorized : If true , the server certificate is verified against the list of supplied CAs. An error event is emitted if verification fails; err. code contains the OpenSSL error code.


1 Answers

After some study i found that this is a problem of the server that i'm trying to make the https request to.

Node https cannot find the ssl ISSUER_CERT on the private.service server and so it throw that exception.

The solution i used, since i'm sure i can trust that server, was to add

            rejectUnauthorized: false

to the options of the https request, this way node will not throw an exception in case of certificates problem.

Anyway this solution is valid only if you know you can trust the host of your request, otherwise it's probably not the best solution.

like image 168
pietrovismara Avatar answered Sep 24 '22 01:09

pietrovismara