Installing custom SSL certificate in Node (UNABLE_TO_VERIFY_LEAF_SIGNATURE)

I'm trying to access an API, but I'm getting the following error:

{ FetchError: request to https://www.cryptopia.co.nz/api/GetMarkets failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (.../node_modules/node-fetch/index.js:133:11)
    at ClientRequest.emit (events.js:159:13)
    at TLSSocket.socketErrorListener (_http_client.js:389:9)
    at TLSSocket.emit (events.js:159:13)
    at emitErrorNT (internal/streams/destroy.js:64:8)
    at process._tickCallback (internal/process/next_tick.js:152:19)
  name: 'FetchError',
  message: 'request to https://www.cryptopia.co.nz/api/GetMarkets failed, reason: unable to verify the first certificate',
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

I tried using ssl-root-cas and I tried manually adding a certificate using NODE_EXTRA_CA_CERTS. Neither of these worked.

The API is for a cryptocurrency exchange. I can connect to it using Chrome. I used a few SSL scanners and I got "This server's certificate chain is incomplete." Here are the results for one of the scanners: https://www.ssllabs.com/ssltest/analyze.html?d=www.cryptopia.co.nz

After a bit of Googling, it looks like the error is caused by Node not downloading the intermediate certificate. Chrome downloaded it, so Chrome worked fine. I used Chrome to download the certificate as a .cer file, converted it to a .pem file using OpenSSL, then used Node's NODE_EXTRA_CA_CERTS to load it, but it didn't do anything.

How can I fix this issue?

I cannot make changes to the server. I contacted Cryptopia, but it'll probably take them weeks to respond. And obviously, I'm not going to disable strict SSL since I'm dealing with money.

You need to provide the whole CA chain to your application, i.e. both the missing intermediate CA certificate(s) and the root certificate:

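const https = require('https');
const fs = require('fs');
// Parse the URL into request options
const options = require('url').parse('https://www.cryptopia.co.nz/api/GetMarkets');
// myca.pem: intermediate + root CA certificates, concatenated in PEM form
options.ca = fs.readFileSync('myca.pem');
https.get(options, (r) => {
   console.log(r.headers);
});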

Here, myca.pem is the concatenation of the PEM representations of the certificates of the intermediate "COMODO RSA Extended Validation Secure Server CA" and the root "COMODO RSA Certification Authority". I've provided it as a pastebin here.
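An added example, not part of the original answer: Node's `ca` option replaces the built-in root list instead of extending it, so this sketch appends the extra chain to `tls.rootCertificates` and returns a reusable agent with verification left on. The helper names (`splitPemBundle`, `trustedCaList`, `buildAgent`) and the sample bundle are hypothetical and constructed for illustration.

```javascript
const https = require('https');
const tls = require('tls');

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a concatenated PEM file (intermediate + root) into single certificates.
// Throws on an empty bundle so a malformed file fails loudly instead of
// leaving the trust store unchanged without notice.
function splitPemBundle(pemText) {
  const blocks = (pemText.match(PEM_BLOCK) || []).map((b) => b.trim());
  if (blocks.length === 0) {
    throw new Error('no CERTIFICATE blocks found in bundle');
  }
  return [...new Set(blocks)]; // drop exact duplicates
}

// Build the CA list to hand to TLS. With keepDefaultRoots the extra chain is
// added to Node's bundled roots; without it, only the supplied chain is trusted.
function trustedCaList(pemText, { keepDefaultRoots = true } = {}) {
  const extra = splitPemBundle(pemText);
  return keepDefaultRoots ? [...tls.rootCertificates, ...extra] : extra;
}

// Agent for https.get / node-fetch ({ agent }); certificate checks stay enabled.
function buildAgent(pemText, opts) {
  return new https.Agent({ ca: trustedCaList(pemText, opts), rejectUnauthorized: true });
}

// Constructed placeholder bundle: the base64 bodies are NOT real certificates.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtSU5URVJNRURJQVRF\n-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtUk9PVA==\n-----END CERTIFICATE-----',
].join('\n');

// Usage with the real file from the answer:
//   const agent = buildAgent(require('fs').readFileSync('myca.pem', 'utf8'));
//   https.get('https://www.cryptopia.co.nz/api/GetMarkets', { agent },
//             (r) => console.log(r.statusCode));
```

Passing `{ keepDefaultRoots: false }` pins the connection to the supplied chain only, which is stricter but breaks if the server later moves to a different CA.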
