aacerox
HTTPS: unable to verify the first certificate error
When I try to request resources from a https server that has an own certificate (valid, not a self signed), apparrently I get an error : UNABLE_TO_VERIFY_LEAF_SIGNATURE
Details:
ERROR : { message: 'GENERAL ERROR : unable to verify the first certificate',
url: 'https://demo.tailorfit.eu/images/backdrop.png',
cause:
{ Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1181:34)
at TLSSocket.emit (events.js:197:13)
at TLSSocket.EventEmitter.emit (domain.js:446:20)
at TLSSocket._finishInit (_tls_wrap.js:672:8)
code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
....
I tried to create a cert file from the intermediate and domain certificate, and add it as specified on the https lib, but this does not work...
Does this client lib not support adding the "ca" to the options ? e.g.
let options = {
connection: {
ca: fs.readFileSync(crt_file_fullpath)
}
}
...
let req = client.get(url, options, function (data, response) {
// ....
}),
Example of our CRT file: tailorfit.txt
This works with the plain https library ! e.g. via code:
var fs = require('fs');
var https = require('https');
var options = {
hostname: 'demo.tailorfit.eu',
port: 443,
path: '/images/backdrop.png',
method: 'GET',
ca: fs.readFileSync('tailorfit.txt')
};
var req = https.request(options, function(res) {
res.on('data', function(data) {
process.stdout.write(data);
});
});
req.end();
ADDENDUM:
It seems that is DOES work, but ONLY when you specify this as an option on the constructor of the Client:
const Client = require('node-rest-client').Client;
....
var client = new Client({
connection: {
ca: fs.readFileSync('tailorfit.txt')
}
});
...
let options = {
// other options...
}
...
let req = client.get(url, options, function (data, response) {
// .... no more errors !!!!
}),
So specifying it in the options of a specific request (get/post/...) does not take into account the CA that is imported...
