
SSL alert number 46. Alert certificate unknown. How to ignore these exceptions?

Tags:

node.js

ssl

I have an open-source project that has a WebUI based on NodeJS. When I access it, I can observe these logs in the WebUI:

error: httpsServer Exception: on clientError:Error: 140446233978688:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:s3_pkt.c:1487:SSL alert number 46
Aug 19 11:49:41 node[18614]: 140446233978688:error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure:s3_pkt.c:1210:

This issue is observed only when using Google Chrome (using Firefox or Safari didn't generate these exceptions in the logs). All browsers marked the self-signed root certificate as invalid. My question: how can I make the WebUI ignore these exceptions? This WebUI is only accessible from the local net and I don't want to sign certificates for money. Thanks.

asked Aug 19 '19 12:08 by Gleb Zimin



1 Answer

You cannot ignore this exception in your application since the problem is not caused by the application itself. Instead, this alert is generated by the browser during the TLS handshake: the browser tells the server this way that it will not accept the certificate sent by the server. After this alert is sent, the browser will close the connection. Even if you somehow ignore this exception in your node.js code, you will not be able to communicate with the browser, because it is the browser which is refusing the communication.

The only way to fix this problem is to use a certificate trusted by the browser. In the case of a self-signed certificate, this means that you either have to import the certificate into the browser as trusted (in which case the Subject Alternative Names in the certificate must match the URL) or add an explicit exception at the warning dialog you get when visiting the site.

answered Nov 08 '22 23:11 by Steffen Ullrich
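The answer's point that the alert comes from the browser can be read directly from the error code in the log. The following is an added example, not code from the answer or from the project in the question: it decodes the legacy OpenSSL error-string layout shown in the question and labels peer-sent certificate alerts so they can be logged as client-side rejections. The names `parseOpenSslErrors`, `classify` and `attachTriage` are hypothetical.

```javascript
// Added example: triage OpenSSL error strings like the one in the question.
// Certificate-related alert numbers and names are from RFC 5246, section 7.2.
const CERT_ALERTS = {
  42: 'bad_certificate', 43: 'unsupported_certificate', 44: 'certificate_revoked',
  45: 'certificate_expired', 46: 'certificate_unknown', 48: 'unknown_ca',
};
// OpenSSL records an alert *received from the peer* as reason code
// 1000 + alert number (SSL_AD_REASON_OFFSET); the reason is the low 12 bits
// of the hex error code, so 0x416 = 1046 means the peer sent alert 46.
const SSL_AD_REASON_OFFSET = 1000;

// Parse each "error:<hex>:SSL routines:<func>:<reason text>:<file>:<line>:" record.
function parseOpenSslErrors(message) {
  const re = /error:([0-9A-Fa-f]{8}):SSL routines:([^:]*):([^:]+):[^:]+:\d+:/g;
  const records = [];
  for (const m of message.matchAll(re)) {
    const reason = parseInt(m[1], 16) & 0xfff;
    const alert = reason > SSL_AD_REASON_OFFSET ? reason - SSL_AD_REASON_OFFSET : null;
    records.push({ code: m[1].toUpperCase(), func: m[2], text: m[3], alert });
  }
  return records;
}

// A certificate alert sent by the client means the browser rejected the
// server certificate; the server can log it but cannot override it.
function classify(message) {
  const hit = parseOpenSslErrors(message).find((r) => r.alert !== null);
  if (!hit) return { kind: 'other', level: 'error' };
  const name = CERT_ALERTS[hit.alert];
  return {
    kind: name ? 'client_rejected_server_certificate' : 'peer_alert',
    level: 'warn',
    alert: hit.alert,
    alertName: name || 'alert_' + hit.alert,
  };
}

// Hypothetical wiring: `server` is an https.Server, `log` is any logging function.
function attachTriage(server, log) {
  server.on('tlsClientError', (err) => log(classify(String(err.message))));
}

// Constructed sample in the format of the log line quoted in the question.
const SAMPLE = '140446233978688:error:14094416:SSL routines:ssl3_read_bytes:' +
  'sslv3 alert certificate unknown:s3_pkt.c:1487:SSL alert number 46';
console.log(classify(SAMPLE));
```

Classifying the event only changes how it is logged; the connection still fails until the browser trusts the certificate, as the answer describes.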