Nodejs - error self signed certificate in certificate chain

Asked
Active3 hr before
Viewed126 times

7 Answers

nodejserror
90%

What I get is Error: self signed certificate in certificate chain.,In linux there is an easy way to get the certificate, use this post: Use self signed certificate with cURL?,This instructs Node to allow untrusted certificates (untrusted = not verified by a certificate authority),Turning off verification is quite a dangerous thing to do. Much better to verify the certificate.

If that's the case, add as an environment variable wherever you are running node

export NODE_TLS_REJECT_UNAUTHORIZED = '0'
node app.js

or running node directly with

NODE_TLS_REJECT_UNAUTHORIZED = '0'
node app.js

If you don't want to set an environment variable or need to do this for multiple applications npm has a strict-ssl config you set to false

npm config set strict - ssl = false

If you have a CA cert already like the poster @kDoyle mentioned then you can configure in each request (thanks @nic ferrier).

 let opts = {
    method: 'GET',
    hostname: "localhost",
    port: listener.address().port,
    path: '/',
    ca: fs.readFileSync("cacert.pem")
 };

 https.request(opts, (response) => {}).end();
load more v
88%

I worked for a company that has a hard Information Security policy. Since it’s a big company, it has a strong firewall that covers all layers at the network. Thus, each package that comes from the internet is intercepted and opened by that firewall.,So what are the risks with bypassing? The reason is that the packages come with a certificate and you should ensure that this certificate is valid so that you prevent the “man-in-the-middle” attack. It means that the certificate attached to the package is a way to be sure that the package was not modified from the origin to the destination (your machine). A package can go through a bunch of network nodes before it arrives in your machine. You may have hackers trying to inject malicious code into your package.,However, this is a certificate that is provided by our own company. When this package arrives in our machine, it comes with our own self-signed certificate. If you click on the lock icon near the URL address bar, you can see the certificate information.,Broadly, whenever a packet goes under an SSL/TSL connection, the firewall needs to “open” it to check the content and “close” again attaching a new certificate to not break the protocol. Just to clarify, when you make an HTTPS request, you are using an SSL/TSL connection actually.

Bypassing (risky!)

npm config set strict - ssl false--global
load more v
72%

Hello @KFSys, I am having similar error connecting to mongodb database, which follows same procedure. can you tell me how can I generate certificate using lets encrypt for the connection?,Using the same certificate i got after making the mysql managed cluster in DO control panel…, 3 nickynick December 10, 2019 Using the same certificate i got after making the mysql managed cluster in DO control panel… Reply Report ,I’m experiencing the exact same issue. The certificate provided by DO doesn’t make a connection possible from my local computer to the managed DB. I’d really appreciate some input on how to use it within a node.js application and one of the available mysql drivers.

Here is my connection code :

        this.connection = mysql.createConnection({
           host: 'xxxx.db.ondigitalocean.com',
           user: 'doadmin',
           port: 25060,
           password: 'xxxx',
           dialect: 'mysql',
           force: true,
           ssl: {
              cert: fs.readFileSync(__dirname + '/ca-certificate.crt'),
           }

        });

Here is the error im getting

(node: 5676) UnhandledPromiseRejectionWarning: Error: self signed certificate in certificate chain
load more v
65%

this seems to be connected to the Node.js environment and the SSL communication. There is different ways this can be resolved and this thread goes into detail, how the problem can be resolved: https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-chain,I try to configure Storyblok with Next.js following this tutorial https://www.storyblok.com/tp/next-js-react-guide#connecting-storyblok-with-next-js and when I have everything set I get the following error: `Server Error Error: self signed certificate in certificate chain

this seems to be connected to the Node.js environment and the SSL communication. There is different ways this can be resolved and this thread goes into detail, how the problem can be resolved: https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-chain

The easiet would probably to try and run npm config set strict-ssl=false and see if that helps to resolve the issue.

 npm config set strict - ssl = false
75%

So now you have to use either the ca option or the NODE_EXTRA_CA_CERTS, but you may still receive the same errors. It is normally caused by the incorrect certificate being used. For the ca option or the extra certs to work, we need to get the full CA Chain or at least the Root CA certificate.,You can use OpenSSL to retrieve the Full CA Chain as following:,Please note that the extra certificates won’t be effective if the ca options property is explicitly specified for a HTTPS client or server.,A safer way is to specify the CA certificate that is expected from the server. In other words, the common name of the certificate needs to match with the server certificate.

The easiest solution to resolve these errors is to use the “rejectUnauthorized” option shown below.

https.request({
   ....,
   rejectUnauthorized: false,
}, ...)

or set it as environment variable

NODE_TLS_REJECT_UNAUTHORIZED = 0
load more v
40%

Since npm stopped automatically accepting self-signed certificates, users have started to report errors while trying to publish some packages in certain applications.,This means that the certificate verification process was no longer automatic. So developers now have to set up their application to see the self-signed certificates.,Until a few years ago, when npm for instance announced that they would no longer support self-signed certificates.,For some time now, developers encountered a SELF_SIGNED_CERT_IN_CHAIN error during installing and publishing packages in certain applications and developer tools such as Node.js, npm, or Git.

You can insert an environment variable to allow untrusted certificates using the following command at the beginning of the code:

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;
load more v
22%

It shouldn't even try to open a SSL connection because I'm using HTTP for the registry.,npm install protractor gives an error when running node-gyp "Error: self signed certificate in certificate chain":, Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. ,@NatoBoram That's not node-gyp, that's electron's postinstall script.

registry = http: //registry.npmjs.org/
   strict - ssl = false
python = python2 .7
ca =
load more v

Other "nodejs-error" queries related to "Nodejs - error self signed certificate in certificate chain"