smee.io icon indicating copy to clipboard operation
smee.io copied to clipboard
verified publisher icon probot

local https with trusted certificate

Open rokonec opened this issue 5 years ago • 3 comments

Hello,

I am having issue to connect to local service running at SSL.

Forwarding https://smee.io/xxxx to https://localhost:44310/api/webhooks/incoming/github
Connected https://smee.io/xxxxx
Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1475:34)
    at TLSSocket.emit (events.js:321:20)
    at TLSSocket._finishInit (_tls_wrap.js:918:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:688:12) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  response: undefined

I need to run this on local SSL as this service uses OAUth authentification with other services, which requires SSL redirect.

Thanks a lot for help. Roman

rokonec avatar Feb 12 '20 21:02 rokonec

Hi,

@rokonec Did you get any solution for this. I have my ssl enabled Jenkins and I want to connect smee with it. I have added NODE_EXTRA_CA_CERTS but getting the same issue as above. Please let me know if you have sort this out

ishagarg01 avatar Apr 30 '20 18:04 ishagarg01

Hi, @IshaGarg2504 Sorry but I have not found a solution. I had to resolve to testing locally over non SSL and then use trace logging on SSL web deployed at Azure.

rokonec avatar May 01 '20 21:05 rokonec

There are a few ways to do this.

You can try setting NODE_EXTRA_CA_CERTS=/path/to/exported_cert.pem (as @IshaGarg2504 suggested).

A lot of people run into issues with this method and its usually because of the way the certificate was generated. It needs to be either the full certificate full CA Chain or at least the Root CA certificate. You also need to be running Node 7.3.0 or above.

You could also set NODE_TLS_REJECT_UNAUTHORIZED=0. This should work, but its not recommended as it disables HTTPs validation for all of node and it'll make your app insecure. This will make node log a warning: Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. Definitely don't use this method in production 😀.

If you have your API running locally, one easy way to make it https with a valid certificate to use expose.sh.

You can run expose 80 then it'll generate a public HTTPs URL which will forward to localhost that you can use for testing your API, like https://a8kc.expose.sh.

There is a guide here.

robbie-cahill avatar Jul 12 '20 10:07 robbie-cahill