Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Unable to verify leaf signature

Tags:

javascript

node.js

ssl

request

Note: the following is dangerous, and will allow API content to be intercepted and modified between the client and the server.

This also worked

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';


It's not an issue with the application, but with the certificate which is signed by an intermediary CA. If you accept that fact and still want to proceed, add the following to request options: 

rejectUnauthorized: false

Full request:

request({
    "rejectUnauthorized": false,
    "url": domain+"/api/orders/originator/"+id,
    "method": "GET",
    "headers":{
        "X-API-VERSION": 1,
        "X-API-KEY": key
    },
}, function(err, response, body){
    console.log(err);
    console.log(response);
    console.log(body);
});

The Secure Solution

Rather than turning off security you can add the necessary certificates to the chain. First install ssl-root-cas package from npm:

npm install ssl-root-cas

This package contains many intermediary certificates that browsers trust but node doesn't.

var sslRootCAs = require('ssl-root-cas/latest')
sslRootCAs.inject()

Will add the missing certificates. See here for more info:

https://git.coolaj86.com/coolaj86/ssl-root-cas.js


CoolAJ86's solution is correct and it does not compromise your security like disabling all checks using rejectUnauthorized or NODE_TLS_REJECT_UNAUTHORIZED. Still, you may need to inject an additional CA's certificate explicitly.

I tried first the root CAs included by the ssl-root-cas module:

require('ssl-root-cas/latest')
  .inject();

I still ended up with the UNABLE_TO_VERIFY_LEAF_SIGNATURE error. Then I found out who issued the certificate for the web site I was connecting to by the COMODO SSL Analyzer, downloaded the certificate of that authority and tried to add only that one:

require('ssl-root-cas/latest')
  .addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');

I ended up with another error: CERT_UNTRUSTED. Finally, I injected the additional root CAs and included "my" (apparently intermediary) CA, which worked:

require('ssl-root-cas/latest')
  .inject()
  .addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');

For Create React App (where this error occurs too and this question is the #1 Google result), you are probably using HTTPS=true npm start and a proxy (in package.json) which goes to some HTTPS API which itself is self-signed, when in development.

If that's the case, consider changing proxy like this:

"proxy": {
  "/api": {
    "target": "https://localhost:5001",
    "secure": false
  }
}

secure decides whether the WebPack proxy checks the certificate chain or not and disabling that ensures the API self-signed certificate is not verified so that you get your data.

Related questions

How to prevent sticky hover effects for buttons on touch devices
Best place to insert the Google Analytics code [duplicate]
Difference between console.log() and console.debug()?
OpenLayers vs Google Maps? [closed]
Resolving require paths with webpack
How to use setInterval and clearInterval?
Call multiple functions onClick ReactJS
Return index of greatest value in an array
How do I zip two arrays in JavaScript?
Default values for Vue component props & how to check if a user did not set the prop?
How to check whether a script is running under Node.js?
Why is <= slower than < using this code snippet in V8?
How to simulate target="_blank" in JavaScript
Calling a JavaScript function named in a variable [duplicate]
'react-scripts' is not recognized as an internal or external command
Convert a binary NodeJS Buffer to JavaScript ArrayBuffer
How to redirect to another page using AngularJS?
What can service workers do that web workers cannot?
Define global variable with webpack
ReactJS - Get Height of an element

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!