SERVERLESS: Error: RequestError: self signed certificate in certificate chain - node.js

I am trying to create a serverless project. But it gives an error when giving the serverless command on the cmd. Please help me to solve this.
first I installed the serverless with 'npm install -g serverless' command. Then I gave 'serverless' command. So following error was displayed on the cmd.
C:\Geethma\myFiles\serverlessTutorial>serverless
Creating a new serverless project
? What do you want to make? AWS - Node.js - Starter
? What do you want to call this project? aws-node-project
Environment: win32, node 16.15.0, framework 3.18.2, plugin 6.2.2, SDK 4.3.2
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
RequestError: self signed certificate in certificate chain
at ClientRequest.<anonymous> (C:\Users\geethma.rathnayake\AppData\Roaming\npm\node_modules\serverless\node_modules\got\dist\source\core\index.js:962:111)
at Object.onceWrapper (node:events:642:26)
at ClientRequest.emit (node:events:539:35)
at ClientRequest.emit (node:domain:475:12)
at ClientRequest.origin.emit (C:\Users\geethma.rathnayake\AppData\Roaming\npm\node_modules\serverless\node_modules\#szmarczak\http-timer\dist\source\index.js:43:20)
at TLSSocket.socketErrorListener (node:_http_client:454:9)
at TLSSocket.emit (node:events:527:28)
at TLSSocket.emit (node:domain:475:12)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
at TLSSocket.onConnectSecure (node:_tls_wrap:1532:34)
at TLSSocket.emit (node:events:527:28)
at TLSSocket.emit (node:domain:475:12)
at TLSSocket._finishInit (node:_tls_wrap:946:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:727:12)

If you're using a machine provided by an employer, they may have installed self-signed SSL certificates in order to connect to internal systems or run fleet management software.
You can override strict checking in Node by either prepending the command with NODE_TLS_REJECT_UNAUTHORIZED=0 serverless, or permanently with npm config set strict-ssl false.

I had checked with Aaron's answer, but it didn't work for my case.
Issue on my side was with my company's VPN, as it was blocking sending/receiving the data. I went with the below steps that solved my issue.
Solution
Try disabling the VPN.
Run the command again.
Verify if it works.
Also make sure that your IAM user has necessary privileges to perform this by attaching necessary policy in the AWS's IAM User page.

Related

Using REST API for Jira with node

I'd like to collect information from privately installed Jira server but I've got a problem doing it.
Of course, I can connect the the site using my Chrome browser and it also find calling REST API from the browser address bar - https://myjiraaddr/rest/api/2/search
Sending REST API request using curl works okay with -u option(username:password) from command line.
But if I try it using nodejs and got an error says self signed certificate in certificate chain.
Can anybody please explain what makes these differences and how to fix it?
Thanks in advance :)
JiraApi = require('jira').JiraApi;
var jira = new JiraApi('https', 'myjiraaddress', 443, 'username', 'password', '2.0.alpha1');
jira.getCurrentUser(function(error, issue) {
console.log(error);
});
it prints...
Status: Error: self signed certificate in certificate chain
And error if I use jira-client npm package...
RequestError: Error: self signed certificate in certificate chain
at new RequestError (/Users/hyoon/dev/node/work-tracker/node_modules/request-promise-core/lib/errors.js:14:15)
at Request.plumbing.callback (/Users/hyoon/dev/node/work-tracker/node_modules/request-promise-core/lib/plumbing.js:87:29)
at Request.RP$callback [as _callback] (/Users/hyoon/dev/node/work-tracker/node_modules/request-promise-core/lib/plumbing.js:46:31)
at self.callback (/Users/hyoon/dev/node/work-tracker/node_modules/request/request.js:185:22)
at Request.emit (events.js:310:20)
at Request.onRequestError (/Users/hyoon/dev/node/work-tracker/node_modules/request/request.js:877:8)
at ClientRequest.emit (events.js:310:20)
at TLSSocket.socketErrorListener (_http_client.js:426:9)
at TLSSocket.emit (events.js:310:20)
at emitErrorNT (internal/streams/destroy.js:92:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
at processTicksAndRejections (internal/process/task_queues.js:84:21) {
cause: Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
at TLSSocket.emit (events.js:310:20)
at TLSSocket._finishInit (_tls_wrap.js:917:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
},
error: Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
at TLSSocket.emit (events.js:310:20)
at TLSSocket._finishInit (_tls_wrap.js:917:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
},
If you're dealing with a self-signed certificate you can bypass the strict-check by setting the strictSSL option to false, as described in the docs:
const jira = new JiraApi('https', 'myjiraaddress', 443, 'username', 'password', '2.0.alpha1', false, false);
If you do not want to bypass the check, you probably have to fork the library and modify the way the request is set up in order to add your certificate. See this question for more information: How do I use the node.js request module to make an SSL call with my own certificate?

NodeJs Unable to make Self Signed Cert work with windows 10

I've been working on this issue on and off for a few months now I am a point where I need this to work. I have solved this issue with git but not nodejs. An Internal url we have is using a Self-Signed cert because its internal use only. I need to use node to communicate with the url. I've tried to set NODE_EXTRA_CA_CERTS many times with nothing working. One way was suggected to set the environemnt value this way
[Environment]::SetEnvironmentVariable("NODE_EXTRA_CA_CERTS", "C:\Temp\NodeCertFix\selfSignedCert.cer", "Machine") I have confirmed that the cert is a base64 cert, same as a .pem in Linux. No Matter what i do i can't get it to work.
events.js:180
throw er; // Unhandled 'error' event
^
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1317:34)
at TLSSocket.emit (events.js:203:13)
at TLSSocket._finishInit (_tls_wrap.js:792:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:606:12) Emitted 'error' event at:
at TLSSocket.socketErrorListener (_http_client.js:399:9)
at TLSSocket.emit (events.js:203:13)
at emitErrorNT (internal/streams/destroy.js:91:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
at processTicksAndRejections (internal/process/task_queues.js:77:11) { code:
'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
Did you try the nodejs-self-signed-certificate-example package from npm?

hyperledger fabric calling enrollment endpoint failed with error

I was trying to deploy hyperledger fabric on multiple hosts using this code and used the balance transfer chaincode using node-SDK. While I tried to enroll the user, I got the following error:
[2019-01-10 18:12:20.635] [ERROR] Helper -
[FabricCAClientService.js]: Failed to enroll admin, error:Error:
Calling enrollment endpoint failed with error [Error: write EPROTO
140678895621952:error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown
protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:
]
at ClientRequest.request.on (/home/muzzam/Downloads/hlf-docker-swarm/hlf-app/node_modules/fabric-ca-client/lib/FabricCAClient.js:492:12)
at emitOne (events.js:116:13)
at ClientRequest.emit (events.js:211:7)
at TLSSocket.socketErrorListener (_http_client.js:387:9)
at emitOne (events.js:116:13)
at TLSSocket.emit (events.js:211:7)
at onwriteError (_stream_writable.js:417:12)
at onwrite (_stream_writable.js:439:5)
at _destroy (internal/streams/destroy.js:39:7)
at TLSSocket.Socket._destroy (net.js:568:3)
can anyone give me an idea of what could be going wrong? If you need any of my configuration file, i can provide that
I was able to find my error.
I was not setting the TLS enabled parameter in docker containing CA service.
You need to set the following properties in yaml file containg the CA services:
environment:
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=<location to certificate file>
- FABRIC_CA_SERVER_TLS_KEYFILE=<location to key file>

Using tinyreq/cheerio is there a way to bypass the certificate chain on a site?

I am trying scrape a site and I'm using both npm modules tinyreq/cheerio as noted on this blog post
The site I am trying to scrape uses TLS I run into the following error below:
Error: self signed certificate in certificate chain
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'SELF_SIGNED_CERT_IN_CHAIN'
Is there a way I can bypass this in node? Or would I have to include the actual cert within the script?

Error: certificate has expired in Node

My production node app on Heroku randomly started throwing the following error:
Error: certificate has expired
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1060:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:584:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
Creating a pool connected to blah.thing.com:port
Running migrations for database 'app_name'...
events.js:160
throw er; // Unhandled 'error' event
^
I'm confused by two things. My certificate is up to date, so I don't know why it's saying it's expired, and second, the only two files called "events.js" in my app directory are in two seemingly irrelevant node modules (inquirer and twilio) and don't even have a line 160. What might be the cause of this and how should I even debug it?
edit: In addition, it's just the production app (of course), not staging or local, which is odd because staging and production both point to the same certificate.
I had similar error in my project
Error: certificate has expired
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
it turned out that the problem was in the external service that was used for tracking user events (Amplitude). Their Sectigo's legacy AddTrust External CA Root certificate had expired which impacted many companies across the internet. To resolve that issue they had upgraded their package with the new endpoint and a new certificate.
So if someone encounters similar issue, first think of all possible external services that are used within the app.
I had the same problem, for me a remote "playground" server got expired certificate. (a server to which node was trying to connect through a web-socket)

Resources