Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when calling the Coinbase NODEJS API

Tags:

coinbase-api

Since yesterday 5:30 PM (Paris time), I get a UNABLE_TO_GET_ISSUER_CERT_LOCALLY when trying to list my accounts. I'm using the nodejs library, and it was working fine since several months.

The exact error from the client.getAccounts is :

{ Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1142:34)
    at TLSSocket.emit (events.js:188:13)
    at TLSSocket._finishInit (_tls_wrap.js:631:8) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }

Edit: I've just tried the same calls with the Python API, and it's working fine. So I feel like there is an issue currently with the Coinbase NodeJS API.

like image 951
JULIEN RZEZNIK Avatar asked Mar 18 '20 08:03

JULIEN RZEZNIK

2 Answers

According to Coinbase they updated their certificates at 10.30am PST yesterday. The node client has strictSSL set to true so requests will fail as the certificate chain fails.

Fix: when you initiate the client you can either set strictSSL to false or pass in the new valid certificates.

Set strictSSL to false:

var Client = require('coinbase').Client;
var client = new Client({
   apiKey: mykey, 
   apiSecret: mysecret,
   strictSSL: false
});

update cert files (you should be able to export them here - https://baltimore-cybertrust-root.chain-demos.digicert.com/ or try coinbase.com and export there):

var Client = require('coinbase').Client;
var client = new Client({
   apiKey: mykey, 
   apiSecret: mysecret,
   caFile: myNewCertFile
});

myNewCertFiles should follow this files format with the updated certs: https://github.com/coinbase/coinbase-node/blob/master/lib/CoinbaseCertStore.js

like image 184
user2249567 Avatar answered Sep 28 '22 03:09

user2249567

"What are the security risks (if any) associated with setting strictSSL to false? How do you "export" the new SSL certificates?"

The connection is encrypted, and TLS prevents tampering, BUT with strictSSL set to false it's theoretically possible to do a MITM (Man In The Middle) attack, since the SSL certificate is not fully checked to make sure it's authentic, some hoser (the man in the middle) could use a fake certificate. I'd switch it to get going, but get new certificates going as soon as possible.

like image 44
hwertz Avatar answered Sep 28 '22 04:09

hwertz
Sign in to Comment

Related questions

How to request access to all of the user accounts using wallet:accounts:read?
Coinbase Pro Sandbox: How to deposit test money?
GDAX api - Get Historic Rates returning inconsistent results
Coinbase API client.getAccount(...) started returning: "Error: unable to get local issuer certificate" [duplicate]
How to send FIX logon message with Python to GDAX/Coinbase
Retrieving All User Wallets through Coinbase iOS SDK
Coinbase Multiple Wallets
GDAX / Coinbase API authentication process: Unicode-objects must be encoded before hashing
Python TypeError - Expected bytes but got 'str' when trying to created signature

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!