Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"UNABLE_TO_VERIFY_LEAF_SIGNATURE" error #1482

Open
uniyalVJ opened this issue Feb 24, 2021 · 1 comment
Open

"UNABLE_TO_VERIFY_LEAF_SIGNATURE" error #1482

uniyalVJ opened this issue Feb 24, 2021 · 1 comment
Labels
bug

Comments

@uniyalVJ
Copy link
Collaborator

uniyalVJ commented Feb 24, 2021
edited
Loading

Attempting to test against Cedardevs environment resulted in a "UNABLE_TO_VERIFY_LEAF_SIGNATURE" error. Error has occurred various time before including on the python client. Common bypasses attempted such as ignoring certificates, setting strict-ssl to false, or hard setting environment variables did not work. Error itself is not documented well online, but these resources were found while searching for a solution:

UNABLE_TO_VERIFY_LEAF_SIGNATURE/unable to verify the first certificate

Resolve Certificate Errors in a Node.js App with SSL Calls

For example, running the following command to make an API post to cedardevs

sitemap % Node generator.js --api https://cedardevs.org/onestop/api --website https://cedardevs.org/onestop

Resulted in the following skimmed output:

 ` _events: [Object: null prototype] {
    response: [Function: handleResponse],
    error: [Function: handleRequestError]
  },
  _eventsCount: 2,
  _maxListeners: undefined,
  _options: {
    maxRedirects: 21,
    maxBodyLength: 10485760,
    protocol: 'https:',
    path: '/onestop/api/search/collection',
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      'User-Agent': 'axios/0.21.1',
      'Content-Length': 97
    },
    agent: undefined,
    agents: { http: undefined, https: undefined },
    auth: undefined,
    hostname: 'cedardevs.org',
    port: null,
    nativeProtocols: { 'http:': [Object], 'https:': [Object] },
    pathname: '/onestop/api/search/collection'
  },
  _ended: false,
  _ending: true,
  _redirectCount: 0,
  _redirects: [],
  _requestBodyLength: 97,
    _eventsCount: 7,
    _maxListeners: undefined,
    outputData: [],
    outputSize: 0,
    writable: true,
    destroyed: false,
    _last: true,
    chunkedEncoding: false,
    shouldKeepAlive: false,
    _defaultKeepAlive: true,
    useChunkedEncodingByDefault: true,
    sendDate: false,
    _removedConnection: false,
    _removedContLen: false,
    _removedTE: false,
    _contentLength: null,
    _hasBody: true,
    _trailer: '',
    finished: false,
    _headerSent: true,
    _closed: false,
    socket: TLSSocket {
      _tlsOptions: [Object],
      _secureEstablished: true,
      _securePending: false,
      _newSessionPending: false,
      _controlReleased: true,
      secureConnecting: true,
      _SNICallback: null,
      servername: 'cedardevs.org',
      alpnProtocol: false,
      authorized: false,

      **authorizationError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',**
@uniyalVJ uniyalVJ added the bug label Feb 24, 2021
@divishav
Copy link

Is there any solution to the "UNABLE_TO_VERIFY_LEAF_SIGNATURE" error? I understand this is caused when the root CA of the server is not added in the trusted CA list of Node JS. And the CA cert can be added to Node Js by setting the ca in options or setting the environment variable - NODE_EXTRA_CA_CERTS. But is there any better way to solve this where we do not need to add server certs to Node Js code? Thinking about deployment in cloud platforms this looks like a non-practical approch?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@divishav @uniyalVJ