Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPS: unable to verify the first certificate error #206

Open
CajunDust opened this issue Jul 29, 2019 · 2 comments
Open

HTTPS: unable to verify the first certificate error #206

CajunDust opened this issue Jul 29, 2019 · 2 comments

Comments

@CajunDust
Copy link

When I try to request resources from a https server that has an own certificate (valid, not a self signed), apparrently I get an error : UNABLE_TO_VERIFY_LEAF_SIGNATURE

Details:

ERROR :  { message: 'GENERAL ERROR : unable to verify the first certificate',
  url: 'https://demo.tailorfit.eu/images/backdrop.png',
  cause:
   { Error: unable to verify the first certificate
       at TLSSocket.onConnectSecure (_tls_wrap.js:1181:34)
       at TLSSocket.emit (events.js:197:13)
       at TLSSocket.EventEmitter.emit (domain.js:446:20)
       at TLSSocket._finishInit (_tls_wrap.js:672:8)
     code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
    ....

I tried to create a cert file from the intermediate and domain certificate, and add it as specified on the https lib, but this does not work...

Does this client lib not support adding the "ca" to the options ?
e.g.

let options = {
   connection: {
      ca: fs.readFileSync(crt_file_fullpath)
   }
}
...
 let req = client.get(url, options, function (data, response) {
    // ....
 }),

Example of our CRT file: tailorfit.txt

This works with the plain https library !
e.g. via code:

var fs = require('fs');
var https = require('https');
var options = {
   hostname: 'demo.tailorfit.eu',
   port: 443,
   path: '/images/backdrop.png',
   method: 'GET',
   ca: fs.readFileSync('tailorfit.txt')
};
var req = https.request(options, function(res) {
   res.on('data', function(data) {
       process.stdout.write(data);
   });
});
req.end();
@CajunDust
Copy link
Author

ADDENDUM:

It seems that is DOES work, but ONLY when you specify this as an option on the constructor of the Client:

const Client = require('node-rest-client').Client;
....
var client = new Client({
    connection: {
        ca: fs.readFileSync('tailorfit.txt')
    }
});

...
let options = {
   // other options...
}
...
let req = client.get(url, options, function (data, response) {
    // .... no more errors !!!!
 }),

So specifying it in the options of a specific request (get/post/...) does not take into account the CA that is imported...

@Joseph244
Copy link

可否给个详细的配置说面,关于https的说明一点都没有呢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Joseph244 @CajunDust