I've been working on this issue on and off for a few months now I am a point where I need this to work. I have solved this issue with git but not nodejs. An Internal url we have is using a Self-Signed cert because its internal use only. I need to use node to communicate with the url. I've tried to set NODE_EXTRA_CA_CERTS many times with nothing working. One way was suggected to set the environemnt value this way
[Environment]::SetEnvironmentVariable("NODE_EXTRA_CA_CERTS", "C:\Temp\NodeCertFix\selfSignedCert.cer", "Machine") I have confirmed that the cert is a base64 cert, same as a .pem in Linux. No Matter what i do i can't get it to work.
events.js:180
throw er; // Unhandled 'error' event
^
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1317:34)
at TLSSocket.emit (events.js:203:13)
at TLSSocket._finishInit (_tls_wrap.js:792:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:606:12) Emitted 'error' event at:
at TLSSocket.socketErrorListener (_http_client.js:399:9)
at TLSSocket.emit (events.js:203:13)
at emitErrorNT (internal/streams/destroy.js:91:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
at processTicksAndRejections (internal/process/task_queues.js:77:11) { code:
'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
Did you try the nodejs-self-signed-certificate-example package from npm?
Related
I am trying to create a serverless project. But it gives an error when giving the serverless command on the cmd. Please help me to solve this.
first I installed the serverless with 'npm install -g serverless' command. Then I gave 'serverless' command. So following error was displayed on the cmd.
C:\Geethma\myFiles\serverlessTutorial>serverless
Creating a new serverless project
? What do you want to make? AWS - Node.js - Starter
? What do you want to call this project? aws-node-project
Environment: win32, node 16.15.0, framework 3.18.2, plugin 6.2.2, SDK 4.3.2
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
RequestError: self signed certificate in certificate chain
at ClientRequest.<anonymous> (C:\Users\geethma.rathnayake\AppData\Roaming\npm\node_modules\serverless\node_modules\got\dist\source\core\index.js:962:111)
at Object.onceWrapper (node:events:642:26)
at ClientRequest.emit (node:events:539:35)
at ClientRequest.emit (node:domain:475:12)
at ClientRequest.origin.emit (C:\Users\geethma.rathnayake\AppData\Roaming\npm\node_modules\serverless\node_modules\#szmarczak\http-timer\dist\source\index.js:43:20)
at TLSSocket.socketErrorListener (node:_http_client:454:9)
at TLSSocket.emit (node:events:527:28)
at TLSSocket.emit (node:domain:475:12)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
at TLSSocket.onConnectSecure (node:_tls_wrap:1532:34)
at TLSSocket.emit (node:events:527:28)
at TLSSocket.emit (node:domain:475:12)
at TLSSocket._finishInit (node:_tls_wrap:946:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:727:12)
If you're using a machine provided by an employer, they may have installed self-signed SSL certificates in order to connect to internal systems or run fleet management software.
You can override strict checking in Node by either prepending the command with NODE_TLS_REJECT_UNAUTHORIZED=0 serverless, or permanently with npm config set strict-ssl false.
I had checked with Aaron's answer, but it didn't work for my case.
Issue on my side was with my company's VPN, as it was blocking sending/receiving the data. I went with the below steps that solved my issue.
Solution
Try disabling the VPN.
Run the command again.
Verify if it works.
Also make sure that your IAM user has necessary privileges to perform this by attaching necessary policy in the AWS's IAM User page.
I'd like to collect information from privately installed Jira server but I've got a problem doing it.
Of course, I can connect the the site using my Chrome browser and it also find calling REST API from the browser address bar - https://myjiraaddr/rest/api/2/search
Sending REST API request using curl works okay with -u option(username:password) from command line.
But if I try it using nodejs and got an error says self signed certificate in certificate chain.
Can anybody please explain what makes these differences and how to fix it?
Thanks in advance :)
JiraApi = require('jira').JiraApi;
var jira = new JiraApi('https', 'myjiraaddress', 443, 'username', 'password', '2.0.alpha1');
jira.getCurrentUser(function(error, issue) {
console.log(error);
});
it prints...
Status: Error: self signed certificate in certificate chain
And error if I use jira-client npm package...
RequestError: Error: self signed certificate in certificate chain
at new RequestError (/Users/hyoon/dev/node/work-tracker/node_modules/request-promise-core/lib/errors.js:14:15)
at Request.plumbing.callback (/Users/hyoon/dev/node/work-tracker/node_modules/request-promise-core/lib/plumbing.js:87:29)
at Request.RP$callback [as _callback] (/Users/hyoon/dev/node/work-tracker/node_modules/request-promise-core/lib/plumbing.js:46:31)
at self.callback (/Users/hyoon/dev/node/work-tracker/node_modules/request/request.js:185:22)
at Request.emit (events.js:310:20)
at Request.onRequestError (/Users/hyoon/dev/node/work-tracker/node_modules/request/request.js:877:8)
at ClientRequest.emit (events.js:310:20)
at TLSSocket.socketErrorListener (_http_client.js:426:9)
at TLSSocket.emit (events.js:310:20)
at emitErrorNT (internal/streams/destroy.js:92:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
at processTicksAndRejections (internal/process/task_queues.js:84:21) {
cause: Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
at TLSSocket.emit (events.js:310:20)
at TLSSocket._finishInit (_tls_wrap.js:917:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
},
error: Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
at TLSSocket.emit (events.js:310:20)
at TLSSocket._finishInit (_tls_wrap.js:917:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
},
If you're dealing with a self-signed certificate you can bypass the strict-check by setting the strictSSL option to false, as described in the docs:
const jira = new JiraApi('https', 'myjiraaddress', 443, 'username', 'password', '2.0.alpha1', false, false);
If you do not want to bypass the check, you probably have to fork the library and modify the way the request is set up in order to add your certificate. See this question for more information: How do I use the node.js request module to make an SSL call with my own certificate?
I'm trying to setup a Node.js Websocket server over at my webhost (Namecheap). However, I am getting this error:
events.js:292
throw er; // Unhandled 'error' event
^
Error: Unexpected server response: 301
at ClientRequest.<anonymous> (D:\****\node_modules\ws\lib\websocket.js:576:7)
at ClientRequest.emit (events.js:315:20)
at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:596:27)
at HTTPParser.parserOnHeadersComplete (_http_common.js:119:17)
at TLSSocket.socketOnData (_http_client.js:469:22)
at TLSSocket.emit (events.js:315:20)
at addChunk (_stream_readable.js:295:12)
at readableAddChunk (_stream_readable.js:271:9)
at TLSSocket.Readable.push (_stream_readable.js:212:10)
at TLSWrap.onStreamRead (internal/stream_base_commons.js:186:23)
Emitted 'error' event on WebSocket instance at:
at abortHandshake (D:\****\node_modules\ws\lib\websocket.js:694:15)
at ClientRequest.<anonymous> (D:\****\node_modules\ws\lib\websocket.js:576:7)
[... lines matching original stack trace ...]
at TLSSocket.Readable.push (_stream_readable.js:212:10)
The code for the client and server came from here:
https://github.com/websockets/ws#Simple server
https://github.com/websockets/ws#sending-and-receiving-text-data
with ws://www.host.com/path changed to ws://<mydomainname>/<dir1>/<dir2>
Both client and server code runs properly when run locally. Http related code runs properly when used on my webhost. I am trying to get the client code to run locally and connect via websockets to my server hosted at Namecheap.
I suspect something related to the server is preventing connection. I'd ask support but I doubt if they can resolve this. Maybe there's a locked feature or something? Is there something else I could have missed?
Websockets cannot work on Namecheap's hosted servers. Their incoming ports are blocked and cannot be opened for security reasons per their customer's support.
If anyone is looking for a solution just in case, try out a Heroku free account.
I'm trying to connect to AWS IoT from a node.js application using the aws-iot-device-sdk. I want to publish messages to the AWS MQTT Broker.
However, I keep getting an error message saying "unable to get local issuer certificate"
events.js:174
throw er; // Unhandled 'error' event
^
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1051:34)
at TLSSocket.emit (events.js:189:13)
at TLSSocket.EventEmitter.emit (domain.js:441:20)
at TLSSocket._finishInit (_tls_wrap.js:633:8)
Emitted 'error' event at:
at MqttClient.<anonymous> (/Users/****/node_modules/aws-iot-device-sdk/device/index.js:808:12)
at MqttClient.emit (events.js:189:13)
at MqttClient.EventEmitter.emit (domain.js:441:20)
at TLSSocket.handleTLSerrors (****/node_modules/aws-iot-device-sdk/device/lib/tls.js:29:18)
at TLSSocket.emit (events.js:194:15)
at TLSSocket.EventEmitter.emit (domain.js:441:20)
at emitErrorNT (internal/streams/destroy.js:82:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
at process._tickCallback (internal/process/next_tick.js:63:19)
I have created my device (there is no real one, just mimicking), registered it in AWS IoT, created the certificate, private and public key, added a policy to the certificate.
I also downloaded the Amazon Root CA 1 from https://www.amazontrust.com/repository/AmazonRootCA1.pem .
Now here comes my question (sorry if it's a silly one): How, in what format do I save the certificate? I just copied the text to a file and called the file root_ca.pem .
I have also tried different formats of the keys and certificates (xxx.key.pem or root_ca.crt).
const topic = 'uniqueClientId/#/1/' + anotherUniqueId + '/myTopicName';
AWS.config.region = 'us-east-1';
let device = awsIot.device({
keyPath: './Certs/****-private.key',
certPath: './Certs/****-certificate.pem',
caPath: './Certs/root_ca.pem',
clientId: 'myUniqueClientId',
host: 'myhost.iot.us-east-1.amazonaws.com' // NOTE: got this value with `aws iot describe-endpoint`
});
device
.on('connect', function() {
console.log('connect');
device.publish(topic, JSON.stringify({ test_data: 1}));
});
What I would like to see is the test message in the MQTT Broker in the Amazon console.
But I can't seem to succeed with connecting to AWS IoT.
Please bear with me if something is missing. I'm quite a beginner and this here is my first post on StackOverflow. So, grateful if any of you could help me out here or point me in a direction.
My production node app on Heroku randomly started throwing the following error:
Error: certificate has expired
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1060:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:584:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
Creating a pool connected to blah.thing.com:port
Running migrations for database 'app_name'...
events.js:160
throw er; // Unhandled 'error' event
^
I'm confused by two things. My certificate is up to date, so I don't know why it's saying it's expired, and second, the only two files called "events.js" in my app directory are in two seemingly irrelevant node modules (inquirer and twilio) and don't even have a line 160. What might be the cause of this and how should I even debug it?
edit: In addition, it's just the production app (of course), not staging or local, which is odd because staging and production both point to the same certificate.
I had similar error in my project
Error: certificate has expired
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
it turned out that the problem was in the external service that was used for tracking user events (Amplitude). Their Sectigo's legacy AddTrust External CA Root certificate had expired which impacted many companies across the internet. To resolve that issue they had upgraded their package with the new endpoint and a new certificate.
So if someone encounters similar issue, first think of all possible external services that are used within the app.
I had the same problem, for me a remote "playground" server got expired certificate. (a server to which node was trying to connect through a web-socket)