Parse Server connect to remote database over SSL - node.js

I have been using Parse Server locally without any issues until I enabled SSL. Now I have a number of unauthorized and other errors that prevent me connecting to the remote DB.
The database is hosted with NodeChef and they provide a sslCAFile which I have tried to add to my Parse Server config as advised here. However, I am still unable to connect and am getting the following errors in terminal.
warn: Unabled to ensure uniqueness for user email addresses: Error:
unable to get issuer certificate
at Error (native)
at TLSSocket. (_tls_wrap.js:1000:38)
at emitNone (events.js:67:13)
at TLSSocket.emit (events.js:166:7)
at TLSSocket._finishInit (_tls_wrap.js:567:8)
error: Uncaught internal server error. { [MongoError: unable to get issuer certificate]
name: 'MongoError',
message: 'unable to get issuer certificate' } Error: unable to get issuer certificate
at Error (native)
at TLSSocket. (_tls_wrap.js:1000:38)
at emitNone (events.js:67:13)
at TLSSocket.emit (events.js:166:7)
at TLSSocket._finishInit (_tls_wrap.js:567:8)
My Parse Server config looks like this:
var api = new ParseServer({
databaseURI: databaseUri || '',
databaseOptions: {
mongos: {
ssl: true,
sslValidate: true,
allowConnectionsWithoutCertificates: true,
sslCA: [fs.readFileSync('SSLCA.pem')] // cert from nodechef dashboard
}
},
cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
appId: process.env.APP_ID
})
I have tried changing the server URL to HTTPS on both the client and the server and every combination in between to no avail.
Many thanks.

The issue was that I still had a legacy javascript key set. If this optional param set in the Parse Server initialization option then it it completely refuses to connect (quite rightly) using the new JS Client, for which you only need an App ID and Initialisation function.
I can confirm that I didn't need a certificate to connect to my remote database at NodeChef using ?ssl=true in my connection string.
Although embarrassing I'll leave this here, may help someone.

Related

NodeJS and SQL Server : unable to connect when in a Docker Container

I have a NodeJS app that works fine when run standalone on a server. When I run it in a docker container it displays the following error message:
ConnectionError: Failed to connect to TEXTREPLACED:undefined - socket hang up
at /app/node_modules/mssql/lib/tedious/connection-pool.js:71:17
at Connection.onConnect (/app/node_modules/tedious/lib/connection.js:1037:9)
at Object.onceWrapper (node:events:514:26)
at Connection.emit (node:events:394:28)
at Connection.emit (/app/node_modules/tedious/lib/connection.js:1065:18)
at Connection.socketError (/app/node_modules/tedious/lib/connection.js:1663:12)
at Connection.socketEnd (/app/node_modules/tedious/lib/connection.js:1693:12)
at Socket. (/app/node_modules/tedious/lib/connection.js:1433:14)
at Socket.emit (node:events:406:35)
at endReadableNT (node:internal/streams/readable:1331:12) {
code: 'ESOCKET',
originalError: ConnectionError: Failed to connect to TEXTREPLACED:undefined - socket hang up
at ConnectionError (/app/node_modules/tedious/lib/errors.js:13:12)
at Connection.socketError (/app/node_modules/tedious/lib/connection.js:1663:56)
at Connection.socketEnd (/app/node_modules/tedious/lib/connection.js:1693:12)
at Socket. (/app/node_modules/tedious/lib/connection.js:1433:14)
at Socket.emit (node:events:406:35)
at endReadableNT (node:internal/streams/readable:1331:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'ESOCKET'
}
}
My connection code is:
const sqlConfig = {
user: 'LOGIN',
password: 'PASSWORD',
server: 'SERVER\\INSTANCE',
database: 'DATABASE',
debug:true,
port: 1433,
driver:'tedious',
pool:{
idleTimeoutMillis: 1000
},
options:{
port:1433,
enableArithAbort:true,
encrypt:true,
trustServerCertificate:true,
instanceName:'INSTANCE',
database:'DATABASE',
debug:{
packet: true,
data:true,
payload:true,
token:true,
log:true
}
}
};
const global_pool = new sql.ConnectionPool(sqlConfig);
var global_pool_con = null;
try {
global_pool_con = global_pool.connect();
}catch{
console.log(err);
}
Dockerfile
# Use Node base image
FROM node:latest
#ports
EXPOSE 3000
EXPOSE 1433
WORKDIR /app
COPY package.json /app
RUN npm install
COPY . /app
USER node
CMD [run, script, release]
The "release" script runs the initial js file.
Confusingly the error shows "undefined" instead of a port number. I have used both host and bridge connections with the ports 1433 and 3000 (HAPI) routed and confirmed the ports are exposed in the dockerfile.
Considering that it works when standalone i'm presuming that a docker setting somewhere it's causing the issue.
Update: The TLS/SSL negotiation packet is being sent but is not received
State change: SentPrelogin -> SentTLSSSLNegotiation
Update: The SQL Server is displaying this error in the event logs when the dockerised app attempts to connect.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Thanks to everyone for your help.
The resolution for this was to update the openSSL.cnf file, it had additional lines in it from the source image that weren't required.

CERT_HAS_EXPIRED error when a POST request is made through npm request module on Nodejs, Certificate is valid however

when i call a POST endpoint from npm request module in my nodejs app (hosted on elasticbeanstalk aws). it gives me CERT_HAS_EXPIRED error, however my ssl certificate is valid and works perfectly when someone visit our site.
this started happening randomly 3 days earlier.
does anyone know what can be done? to fix it?
{ Error: certificate has expired
at TLSSocket.<anonymous> (_tls_wrap.js:1088:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:188:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'CERT_HAS_EXPIRED' }
So #Salahi's comment was correct, support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT
it wasn't a problem on our end, but one of the root certificates expired for the services we were trying to access, and therefore were receiving this error.

Unable to verify first certificate error in Node js on a particular network

I am getting unable to verify first certificate error when I am trying to connect to IBM Cloud Object Storage using Node.js sdk on a work network. However I don't get this error when using other networks such as my phone's and Public Wi-Fi.
Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
at TLSSocket.emit (events.js:223:5)
at TLSSocket.EventEmitter.emit (domain.js:475:20)
at TLSSocket._finishInit (_tls_wrap.js:794:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
message: 'unable to verify the first certificate',
code: 'NetworkingError',
region: 'us-east-1',
hostname: '***************.s3.us-south.cloud-object-storage.appdomain.cloud',
retryable: true,
time: 2020-02-03T06:58:45.578Z
}

Nodejs Bull queue not connecting to Azure

When changing the settings inside the new bull Queue object, I get an error in the console. When running Bull Queue locally the application works perfectly fine. As soon as I change the credentials to Azure, I get the error below. When running locally I run the redis-server but not when using the Azure credentials.
I have tried the example tutorial, on the Azure website, with nodejs and the redis npm package, and the Azure redis cache works perfectly fine. Therefore, I am left to believe that I am doing something wrong in the config. I have also tried adding "maxRetriesPerRequest" and "enableReadyCheck" to the redis object however, they have had no effect. I also make sure I execute the done function within the process function.
const queue = new Queue('sendQueue', {
defaultJobOptions: { removeOnComplete: true },
redis: {
port: env.AZURE_REDIS_PORT,
host: env.AZURE_REDIS_HOST,
password: env.AZURE_REDIS_PASSWORD
},
});
at Queue.<anonymous> (/Users/abc/Projects/Sean/dist/tasks/sendQueue.js:47:11)
at Queue.emit (events.js:208:15)
at Redis.emit (events.js:203:13)
at Redis.silentEmit (/Users/abc/Projects/Sean/node_modules/ioredis/built/redis/index.js:482:26)
at Socket.<anonymous> (/Users/abc/Projects/Sean/node_modules/ioredis/built/redis/event_handler.js:122:14)
at Object.onceWrapper (events.js:291:20)
at Socket.emit (events.js:203:13)
at emitErrorNT (internal/streams/destroy.js:91:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
at processTicksAndRejections (internal/process/task_queues.js:77:11)
Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:183:27)
Try to add configuration for TLS when using Azure redis cache. Should be the same config value as host. I did not manage to get a connection without it.
var notificationQueue = new Queue('notifications', {
redis: {
port: Number(process.env.REDIS_PORT),
host: process.env.REDIS_HOST,
password: process.env.REDIS_PASS,
tls: {
servername: process.env.REDIS_HOST
}
}});

Trying to connect node.js app to AWS IoT, but get error "unable to get local issuer certificate"

I'm trying to connect to AWS IoT from a node.js application using the aws-iot-device-sdk. I want to publish messages to the AWS MQTT Broker.
However, I keep getting an error message saying "unable to get local issuer certificate"
events.js:174
throw er; // Unhandled 'error' event
^
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1051:34)
at TLSSocket.emit (events.js:189:13)
at TLSSocket.EventEmitter.emit (domain.js:441:20)
at TLSSocket._finishInit (_tls_wrap.js:633:8)
Emitted 'error' event at:
at MqttClient.<anonymous> (/Users/****/node_modules/aws-iot-device-sdk/device/index.js:808:12)
at MqttClient.emit (events.js:189:13)
at MqttClient.EventEmitter.emit (domain.js:441:20)
at TLSSocket.handleTLSerrors (****/node_modules/aws-iot-device-sdk/device/lib/tls.js:29:18)
at TLSSocket.emit (events.js:194:15)
at TLSSocket.EventEmitter.emit (domain.js:441:20)
at emitErrorNT (internal/streams/destroy.js:82:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
at process._tickCallback (internal/process/next_tick.js:63:19)
I have created my device (there is no real one, just mimicking), registered it in AWS IoT, created the certificate, private and public key, added a policy to the certificate.
I also downloaded the Amazon Root CA 1 from https://www.amazontrust.com/repository/AmazonRootCA1.pem .
Now here comes my question (sorry if it's a silly one): How, in what format do I save the certificate? I just copied the text to a file and called the file root_ca.pem .
I have also tried different formats of the keys and certificates (xxx.key.pem or root_ca.crt).
const topic = 'uniqueClientId/#/1/' + anotherUniqueId + '/myTopicName';
AWS.config.region = 'us-east-1';
let device = awsIot.device({
keyPath: './Certs/****-private.key',
certPath: './Certs/****-certificate.pem',
caPath: './Certs/root_ca.pem',
clientId: 'myUniqueClientId',
host: 'myhost.iot.us-east-1.amazonaws.com' // NOTE: got this value with `aws iot describe-endpoint`
});
device
.on('connect', function() {
console.log('connect');
device.publish(topic, JSON.stringify({ test_data: 1}));
});
What I would like to see is the test message in the MQTT Broker in the Amazon console.
But I can't seem to succeed with connecting to AWS IoT.
Please bear with me if something is missing. I'm quite a beginner and this here is my first post on StackOverflow. So, grateful if any of you could help me out here or point me in a direction.

Resources