Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

local https with trusted certificate #39

Open
rokonec opened this issue Feb 12, 2020 · 3 comments
Open

local https with trusted certificate #39

rokonec opened this issue Feb 12, 2020 · 3 comments

Comments

@rokonec
Copy link

rokonec commented Feb 12, 2020

Hello,

I am having issue to connect to local service running at SSL.

Forwarding https://smee.io/xxxx to https://localhost:44310/api/webhooks/incoming/github
Connected https://smee.io/xxxxx
Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1475:34)
    at TLSSocket.emit (events.js:321:20)
    at TLSSocket._finishInit (_tls_wrap.js:918:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:688:12) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  response: undefined

I need to run this on local SSL as this service uses OAUth authentification with other services, which requires SSL redirect.

Thanks a lot for help. Roman
@ishagarg01
Copy link

Hi,

@rokonec Did you get any solution for this. I have my ssl enabled Jenkins and I want to connect smee with it. I have added NODE_EXTRA_CA_CERTS but getting the same issue as above. Please let me know if you have sort this out

@rokonec
Copy link
Author

rokonec commented May 1, 2020

Hi,
@IshaGarg2504 Sorry but I have not found a solution. I had to resolve to testing locally over non SSL and then use trace logging on SSL web deployed at Azure.

@robbie-cahill
Copy link

There are a few ways to do this.

You can try setting NODE_EXTRA_CA_CERTS=/path/to/exported_cert.pem (as @IshaGarg2504 suggested).

A lot of people run into issues with this method and its usually because of the way the certificate was generated. It needs to be either the full certificate full CA Chain or at least the Root CA certificate. You also need to be running Node 7.3.0 or above.

You could also set NODE_TLS_REJECT_UNAUTHORIZED=0. This should work, but its not recommended as it disables HTTPs validation for all of node and it'll make your app insecure. This will make node log a warning: Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. Definitely don't use this method in production 😀.

If you have your API running locally, one easy way to make it https with a valid certificate to use expose.sh.

You can run expose 80 then it'll generate a public HTTPs URL which will forward to localhost that you can use for testing your API, like https://a8kc.expose.sh.

There is a guide here.

@gregberge gregberge mentioned this issue Aug 5, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@robbie-cahill @rokonec @ishagarg01