Getting “CERT_UNTRUSTED” error when executing a server side HTTPS request in Node.JS application?
Question
My Node.JS/Express application is getting the following error when attempting an HTTPS GET request from my server code, to an API served by another server (different company, server not owned by us):
CERT_UNTRUSTED
NOTE: I am running these tests from my Linux box using the "localhost" domain.
I tried the steps outlined in this article to create a self-signed temporary certificate, just to get around this problem:
http://www.hacksparrow.com/node-js-https-ssl-certificate.html
However, I still get the error. (Side note: since I created the server with SSL keys loaded using the HTTPS module, the server only responds to HTTPS (https://) URL requests now. The server does not respond anymore to non-HTTPS requests anymore since I configured it to load my SSL PEM files when creating the server. Oddly enough it prints two "listening-to server on port " prompts when it used to print only one).
How can I fix this?
NOTE: The host name property in the options object in the code below has been changed to a "dummy" URL because it is confidential. If you try the URL you will get an error.
Code excerpts:
var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';
var httpsOptions = {
hostname: dummyHostName,
port: 80,
method: 'GET',
path: '/search?text=test',
headers: {
// Request JSON response.
'Content-Type': 'application/json',
'Upgrade-Insecure-Requests': '1',
'json': 'true'
}};
var httpsReq =
https.request(httpsOptions,
function (resHttp) {
// This block is never reached due to the error.
}
I tried installing the ssl-root-cas NPM package as per this document:
https://github.com/coolaj86/node-ssl-root-cas
But I could not figure out what PEM files I needed to load under the USAGE section in the instructions, which show dummy file names, so I don't think I'm using it properly.
Here is my package list for the app:
├─┬ body-parser@1.13.3
│ ├── bytes@2.1.0
│ ├── content-type@1.0.1
│ ├── depd@1.0.1
│ ├─┬ http-errors@1.3.1
│ │ ├── inherits@2.0.1
│ │ └── statuses@1.2.1
│ ├── iconv-lite@0.4.11
│ ├─┬ on-finished@2.3.0
│ │ └── ee-first@1.1.1
│ ├── qs@4.0.0
│ ├─┬ raw-body@2.1.6
│ │ ├── bytes@2.3.0
│ │ ├── iconv-lite@0.4.13
│ │ └── unpipe@1.0.0
│ └─┬ type-is@1.6.12
│ ├── media-typer@0.3.0
│ └─┬ mime-types@2.1.10
│ └── mime-db@1.22.0
├─┬ cookie-parser@1.3.5
│ ├── cookie@0.1.3
│ └── cookie-signature@1.0.6
├─┬ debug@2.2.0
│ └── ms@0.7.1
├─┬ express@4.13.4
│ ├─┬ accepts@1.2.13
│ │ ├─┬ mime-types@2.1.10
│ │ │ └── mime-db@1.22.0
│ │ └── negotiator@0.5.3
│ ├── array-flatten@1.1.1
│ ├── content-disposition@0.5.1
│ ├── content-type@1.0.1
│ ├── cookie@0.1.5
│ ├── cookie-signature@1.0.6
│ ├── depd@1.1.0
│ ├── escape-html@1.0.3
│ ├── etag@1.7.0
│ ├─┬ finalhandler@0.4.1
│ │ └── unpipe@1.0.0
│ ├── fresh@0.3.0
│ ├── merge-descriptors@1.0.1
│ ├── methods@1.1.2
│ ├─┬ on-finished@2.3.0
│ │ └── ee-first@1.1.1
│ ├── parseurl@1.3.1
│ ├── path-to-regexp@0.1.7
│ ├─┬ proxy-addr@1.0.10
│ │ ├── forwarded@0.1.0
│ │ └── ipaddr.js@1.0.5
│ ├── qs@4.0.0
│ ├── range-parser@1.0.3
│ ├─┬ send@0.13.1
│ │ ├── destroy@1.0.4
│ │ ├─┬ http-errors@1.3.1
│ │ │ └── inherits@2.0.1
│ │ ├── mime@1.3.4
│ │ ├── ms@0.7.1
│ │ └── statuses@1.2.1
│ ├── serve-static@1.10.2
│ ├─┬ type-is@1.6.12
│ │ ├── media-typer@0.3.0
│ │ └─┬ mime-types@2.1.10
│ │ └── mime-db@1.22.0
│ ├── utils-merge@1.0.0
│ └── vary@1.0.1
├─┬ glob@7.0.3
│ ├─┬ inflight@1.0.4
│ │ └── wrappy@1.0.1
│ ├── inherits@2.0.1
│ ├─┬ minimatch@3.0.0
│ │ └─┬ brace-expansion@1.1.3
│ │ ├── balanced-match@0.3.0
│ │ └── concat-map@0.0.1
│ ├─┬ once@1.3.3
│ │ └── wrappy@1.0.1
│ └── path-is-absolute@1.0.0
├── http-status-codes@1.0.6
├─┬ jade@1.11.0
│ ├── character-parser@1.2.1
│ ├─┬ clean-css@3.4.12
│ │ ├─┬ commander@2.8.1
│ │ │ └── graceful-readlink@1.0.1
│ │ └─┬ source-map@0.4.4
│ │ └── amdefine@1.0.0
│ ├── commander@2.6.0
│ ├─┬ constantinople@3.0.2
│ │ └── acorn@2.7.0
│ ├─┬ jstransformer@0.0.2
│ │ ├── is-promise@2.1.0
│ │ └─┬ promise@6.1.0
│ │ └── asap@1.0.0
│ ├─┬ mkdirp@0.5.1
│ │ └── minimist@0.0.8
│ ├─┬ transformers@2.1.0
│ │ ├─┬ css@1.0.8
│ │ │ ├── css-parse@1.0.4
│ │ │ └── css-stringify@1.0.5
│ │ ├─┬ promise@2.0.0
│ │ │ └── is-promise@1.0.1
│ │ └─┬ uglify-js@2.2.5
│ │ ├─┬ optimist@0.3.7
│ │ │ └── wordwrap@0.0.3
│ │ └─┬ source-map@0.1.43
│ │ └── amdefine@1.0.0
│ ├─┬ uglify-js@2.6.2
│ │ ├── async@0.2.10
│ │ ├── source-map@0.5.3
│ │ ├── uglify-to-browserify@1.0.2
│ │ └─┬ yargs@3.10.0
│ │ ├── camelcase@1.2.1
│ │ ├─┬ cliui@2.1.0
│ │ │ ├─┬ center-align@0.1.3
│ │ │ │ ├─┬ align-text@0.1.4
│ │ │ │ │ ├─┬ kind-of@3.0.2
│ │ │ │ │ │ └── is-buffer@1.1.3
│ │ │ │ │ ├── longest@1.0.1
│ │ │ │ │ └── repeat-string@1.5.4
│ │ │ │ └── lazy-cache@1.0.3
│ │ │ ├─┬ right-align@0.1.3
│ │ │ │ └─┬ align-text@0.1.4
│ │ │ │ ├─┬ kind-of@3.0.2
│ │ │ │ │ └── is-buffer@1.1.3
│ │ │ │ ├── longest@1.0.1
│ │ │ │ └── repeat-string@1.5.4
│ │ │ └── wordwrap@0.0.2
│ │ ├── decamelize@1.2.0
│ │ └── window-size@0.1.0
│ ├── void-elements@2.0.1
│ └─┬ with@4.0.3
│ ├── acorn@1.2.2
│ └─┬ acorn-globals@1.0.9
│ └── acorn@2.7.0
├── jsonfile@2.2.3
├─┬ morgan@1.6.1
│ ├── basic-auth@1.0.3
│ ├── depd@1.0.1
│ ├─┬ on-finished@2.3.0
│ │ └── ee-first@1.1.1
│ └── on-headers@1.0.1
├─┬ scribe-js@2.0.4
│ ├── callsite@1.0.0
│ ├── colors@1.1.2
│ ├─┬ mkdirp@0.5.1
│ │ └── minimist@0.0.8
│ └── moment@2.12.0
├─┬ serve-favicon@2.3.0
│ ├── etag@1.7.0
│ ├── fresh@0.3.0
│ ├── ms@0.7.1
│ └── parseurl@1.3.1
└─┬ ssl-root-cas@1.2.2
├── bluebird@3.4.6
└─┬ request@2.74.0
├── aws-sign2@0.6.0
├── aws4@1.4.1
├─┬ bl@1.1.2
│ └─┬ readable-stream@2.0.6
│ ├── core-util-is@1.0.2
│ ├── inherits@2.0.1
│ ├── isarray@1.0.0
│ ├── process-nextick-args@1.0.7
│ ├── string_decoder@0.10.31
│ └── util-deprecate@1.0.2
├── caseless@0.11.0
├─┬ combined-stream@1.0.5
│ └── delayed-stream@1.0.0
├── extend@3.0.0
├── forever-agent@0.6.1
├─┬ form-data@1.0.1
│ └─┬ async@2.0.1
│ └── lodash@4.15.0
├─┬ har-validator@2.0.6
│ ├─┬ chalk@1.1.3
│ │ ├── ansi-styles@2.2.1
│ │ ├── escape-string-regexp@1.0.5
│ │ ├─┬ has-ansi@2.0.0
│ │ │ └── ansi-regex@2.0.0
│ │ ├─┬ strip-ansi@3.0.1
│ │ │ └── ansi-regex@2.0.0
│ │ └── supports-color@2.0.0
│ ├─┬ commander@2.9.0
│ │ └── graceful-readlink@1.0.1
│ ├─┬ is-my-json-valid@2.13.1
│ │ ├── generate-function@2.0.0
│ │ ├─┬ generate-object-property@1.2.0
│ │ │ └── is-property@1.0.2
│ │ ├── jsonpointer@2.0.0
│ │ └── xtend@4.0.1
│ └─┬ pinkie-promise@2.0.1
│ └── pinkie@2.0.4
├─┬ hawk@3.1.3
│ ├── boom@2.10.1
│ ├── cryptiles@2.0.5
│ ├── hoek@2.16.3
│ └── sntp@1.0.9
├─┬ http-signature@1.1.1
│ ├── assert-plus@0.2.0
│ ├─┬ jsprim@1.3.0
│ │ ├── extsprintf@1.0.2
│ │ ├── json-schema@0.2.2
│ │ └── verror@1.3.6
│ └─┬ sshpk@1.10.0
│ ├── asn1@0.2.3
│ ├── assert-plus@1.0.0
│ ├─┬ bcrypt-pbkdf@1.0.0
│ │ └── tweetnacl@0.14.3
│ ├── dashdash@1.14.0
│ ├── ecc-jsbn@0.1.1
│ ├── getpass@0.1.6
│ ├── jodid25519@1.0.2
│ ├── jsbn@0.1.0
│ └── tweetnacl@0.13.3
├── is-typedarray@1.0.0
├── isstream@0.1.2
├── json-stringify-safe@5.0.1
├─┬ mime-types@2.1.11
│ └── mime-db@1.23.0
├── node-uuid@1.4.7
├── oauth-sign@0.8.2
├── qs@6.2.1
├── stringstream@0.0.5
├── tough-cookie@2.3.1
└── tunnel-agent@0.4.3
1 answers
solution1
1 2016-09-06 03:19:51
If you have a server that is using self signed certificate (or the domain of the server is not same as defined in the URL), than it is just encrypting the data but not identifying itself. That is why node.js will error that request, but if you want to ignore that issue (which basically from your question that is what I understand), you can pass the following property in your httpsOptions:
rejectUnauthorized=false
See more info at:
https://nodejs.org/api/https.html#https_https_request_options_callback
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.