Today I received the following error in my node js express server: unable to get local issuer certificate.
After some research I found out, that the expression process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; allows any unauthorized certificates. This works, but I would like to add a certificate to my service.
So I found this ticket/ answer (https://stackoverflow.com/a/44726189/17330227) which explains how to add a certificate. I have done the steps one by one and am now stuck on the last one. You have to insert the certificate under cafile. For this I used the command npm config set cafile "C:\Users\...\Certificate.cer". Unfortunately I got the initial error message again and looked at the changes with npm config ls -l. At the entry cafile it says the following ; cafile = null ; overridden by user. Furthermore I get the following output cafile = "C:\Users\...Certificate.cer and ...\Certificate.cer = "".
Apparently I am doing something wrong in the "Add Certificate" step. I have tried different notations of the path, nothing works. If someone can help me, that would be great - thanks!
Related
Currently we need to ignore the strict-ssl false configuration from our .npmrc file in order to have secure connection to our private npm registry hosted in Jfrog.
I tried pointing the cert.pem file by using npm config set cafile and also
export NODE_EXTRA_CA_CERTS= both does not work.
Nodejs 12.
Could anyone please help me to solve this issue as im getting blocked a long time due to this.
You can just use:
set NODE_EXTRA_CA_CERTS="path to yourrootcertificate.pem or yourrootcertificate.cer>"
or
npm config set cafile "path toyourrootcertificate.pem or yourrootcertificate.cer"
I'm using signtool to sign an executable on Windows 10, using a GlobalSign certificate. This has worked like a charm for years. Recently it has stopped working. Using the following command line:
signtool.exe sign /a /v /n SomeName /tr http://timestamp.globalsign.com/scripts/timstamp.dll some.exe
I see that the correct certificate is selected, but then get the following error message:
Error information: "SignerTimeStampEx2() failed." (-2145844844/0x80190194)
SignTool Error: An unexpected internal error has occurred.
Any idea what it means and how to fix it? The Microsoft Documentation unfortunately does not list any error codes.
I had the same issue. I think the Globalsign server may have been upgraded at some point and now needs different parameters for signtool.
See: https://support.globalsign.com/code-signing/code-signing-windows-7-8-and-10
Not sure if all these steps were needed but this worked for me:
I re-issued the certificate
I changed the timestamp url to: http://rfc3161timestamp.globalsign.com/advanced
I added: /td SHA256
I removed the reference to the cross certificate
See: https://support.globalsign.com/code-signing/code-signing-windows-7-8-and-10
I have this website (let's call it a.com) which is on AWS. It is done using NodeJs backend and view front end. It is calling another system API (let's call it b.com) for the DATA from some other URL.
This site was working fine. We updated SSL certificate of site b.com and now site a.com is not able to receive data from site b.com.
When I checked the error log on AWS, this is the error I found:
RequestError: Error: unable to verify the first certificate
at new RequestError (/var/app/current/node_modules/request-promise-core/lib/errors.js:14:15)
at Request.plumbing.callback (/var/app/current/node_modules/request-promise-core/lib/plumbing.js:87:29)
at Request.RP$callback [as _callback] (/var/app/current/node_modules/request-promise-core/lib/plumbing.js:46:31)
at self.callback (/var/app/current/node_modules/request/request.js:185:22)
at emitOne (events.js:116:13)
What can be the issue?
Can I do any settings on my NodeJs server to load data from b.com?
The site is working fine on my localhost.
As the error message says, there are problems validating the SSL certificate of b.com.
I see you're using request library, so as a workaround you could pass strictSSL: false in options:
{
url: 'https://b.com',
method: 'GET',
...
strictSSL: false
}
Necessary warning: Turning off all SSL certificate validation is dangerous. A MiTM attack (e.g. a sniffer/spoofer on your local network) can read or replace any of your data if you do it. Don't do it if you can help it.
A better solution: export or otherwise set NODE_EXTRA_CA_CERTS environment variable for your process, and point it to a working root certificate CAs file.
Configuration equivalent: npm config set cafile "<path to certificate file>"
A worse solution workaround: export or otherwise set NODE_TLS_REJECT_UNAUTHORIZED=0 environment variable.
Configuration equivalent: npm config set strict-ssl false. This may not work for installation scripts that ignore the configuration.
I've followed the getting started guide to deploy a nodejs application to heroku:
I reached to this stage in the tutorial
When I try to write the command:
heroku create
It gives me this error:
UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
What can be the problem?
Try to do this:
Edit Git config text file (with my favorite line-ending neutral app like Notepad++) located at:
C:\Program Files (x86)\Git\etc\gitconfig
In the [http] block, add an option to disable sslVerify. It looked like this when I was done:
[http]
sslVerify = false
sslCAinfo = /bin/curl-ca-bundle.crt
The answer is related to this
The problem was that I have a web filter on my internet, A content filter and it was blocking the command
heroku create
from going through.
Run the following line:
npm config set strict-ssl false
For Windows 10:
Go to System variable (Windows logo key > type: "environment variables" > click Environment Variables button)
Check/Set Variable SSL_CERT_DIR=YourCetrFolder
Certificate folder Example:
What might cause this? I list two certificate files in ~/TC/bin and I see them.
~/TC/bin$ ls
cert.pem key.pem
I try to read those files from ~/TC/server.js
var credentials = {
key: fs.readFileSync('bin/key.pem'),
cert: fs.readFileSync('bin/cert.pem')
};
I get an error message saying they're not found. I suspect it may be caused by file permissions though I'm not certain how to appropriately adjust it for something like a secure key asset.
Error: ENOENT: no such file or directory, open 'bin/key.pem'
when you're not providing slash at the begining you're telling node that he should look for node module (npm). Try with ./ as a start. So './bin/key.pem'