OS: debian sid
Nodejs: v0.10.38
I have a request to a private service that use authentication:
var https = require('https');
var options = {
host: 'private.service.com',
path: '/accounts/' + '123323' + '/orders',
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': 0,
'Authorization': 'Bearer ' + 'asdsdgcvxcvxcv'
}
};
var request = https.request(options, function (res) {
console.log(res);
});
When i run the script, node throws this error:
events.js:72
throw er; // Unhandled 'error' event
^
Error: UNABLE_TO_GET_ISSUER_CERT_LOCALLY
at SecurePair.<anonymous> (tls.js:1381:32)
at SecurePair.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:980:10)
at CleartextStream.read [as _read] (tls.js:472:13)
at CleartextStream.Readable.read (_stream_readable.js:341:10)
at EncryptedStream.write [as _write] (tls.js:369:25)
at doWrite (_stream_writable.js:226:10)
at writeOrBuffer (_stream_writable.js:216:5)
at EncryptedStream.Writable.write (_stream_writable.js:183:11)
at write (_stream_readable.js:602:24)
The same exact script worked well for months, and i'm sure the authentication is correct. Today is the first time i have this situation.
Which can be the cause for this error?
code UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This error means that there's a TLS certificate in the chain that is signed by an unknown certificate authority (CA). Presumably, this is the certificate used by one's HTTPS proxy. The solution is to configure the cafile value: $ npm config set cafile /path/to/your/file.pem.
NODE_EXTRA_CA_CERTS. From Node version 7.3. 0, NODE_EXTRA_CA_CERTS environment variable is introduced to pass in a CA certificate file. This allows the “root” CAs to be extended with the extra certificates in the file. The file should consist of one or more trusted certificates in PEM format.
rejectUnauthorized : If true , the server certificate is verified against the list of supplied CAs. An error event is emitted if verification fails; err. code contains the OpenSSL error code.
After some study i found that this is a problem of the server that i'm trying to make the https request to.
Node https cannot find the ssl ISSUER_CERT on the private.service server and so it throw that exception.
The solution i used, since i'm sure i can trust that server, was to add
rejectUnauthorized: false
to the options of the https request, this way node will not throw an exception in case of certificates problem.
Anyway this solution is valid only if you know you can trust the host of your request, otherwise it's probably not the best solution.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With