I have 2 Node.js applications accessible via HTTPS . I'm currently using self-signed certificates for those services. Manual access (via a browser or Postman) to those services work as expected (with the usual security warnings about self-signed certificates, etc.).
But as for now, I cannot have one application communicate with the other via HTTPS. Here's my current code:
// Request parameters and options
const https = require('https');
const postData = JSON.stringify(myPostData);
const options = {
hostname: '...',
port: ...,
path: '...',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': postData.length,
},
rejectUnauthorized: false,
};
let str = '';
const req = https.request(options, (res) => {
// Assembling response data...
res.on('data', chunk => str += chunk );
res.on('end', () => {
console.log('Received:', str);
});
});
// Error handling
req.on('error', (e) => {
console.error(e);
});
// Sending payload and terminating
req.write(postData);
req.end();
Question
This works, but only because I use rejectUnauthorized: false
.
How can I avoid to use this option? I see that I can provide a cert
option (in https.RequestOptions
), but I'm unsure of how to use it. As I created the self-signed certificate, I possess every pieces of it.
My cert file, named selfsigned.crt
, looks like this (and has Unix EOL):
-----BEGIN CERTIFICATE-----
MFoXDTI0MTEyNTE3NTczMFowgYcxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNB
QGNlbmVhdS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrP3Hy
........... lots of lines ......................................
zI2hWprwsM3PGb0DLCqlotqdoxu59PQRC7aj/yb11HyfyYO9hvFmjGPkmN6T0+r6
VQQGEwJGUjENMAs/Qs7p+B9/+taee8iPWpk=
-----END CERTIFICATE-----
I have tried these solutions:
ca
and/or cert
request options (see their description ) - I know this is actually taken into account, as if the string is malformed, the error is different (and related to the certificate format)update-ca-certificates
All of those solutions change nothing to the outcome:
code: DEPTH_ZERO_SELF_SIGNED_CERT
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
As for now, I still don't have a working solution.
Bonus question! I'm very surprised how messy a simple call can look, all chronologically upside-down it gets with the callbacks. Is there a cleaner way to proceed a HTTPS call? => request-promise
might be an option, as indicated by jfriend00
This option can be set to pass the extra certs
process.env["NODE_EXTRA_CA_CERTS"] = "some/path/to/ssl.crt"
This option can completely disable the ssl errors (not recommended)
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
Hope this helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.