Support for use_ssl_cert?See original GitHub issue
Hey there, Recently I encountered SSL certificate errors while calling Azure AD graph API using this library:
[Error: unable to verify the first certificate] code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
Then I looked it up and found this issue: Azure/azure-sdk-for-ruby#493, which seems pretty similar to my issue. The only problem - I couldn’t find anything similar to use_ssl_cert in the NodeJS SDK. So, my question is - what can I do?
- Created 7 years ago
- Comments:8 (4 by maintainers)
Top GitHub Comments
Node.js has a static list of trusted cert authorities as can be seen here. If you are behind a corporate proxy or a firewall, it cannot verify the certificate and you get the above error. Hence to solve this issue, node.js provided a mechanism to users where they can provide their own system trusted certs to be added to the static list. node.js should then not fail on certificate verification.
Documentation of the environment variable:
Added in: XXX When set, the well known “root” CAs (like VeriSign) will be extended with the extra certificates in file. The file should consist of one or more trusted certificates in PEM format. A message will be printed to stderr (once) if the file is missing or misformatted, but any errors are otherwise ignored.
Note that neither the well known nor extra certificates are used when the ca options property is explicitly specified for a TLS or HTTPS client or server.
Take a look at this issue on node.js github repo for more info. https://github.com/nodejs/node/issues/4175.
@omerlh - This was inherently a bug in node.js itself. node.js used a static list of trusted certs which were hard coded in code.
with new version of node.js v4.8.0 or 6.10.0, (documentation over here) you can set the following environment variable:
set NODE_EXTRA_CA_CERTS=<path-to-pem-file> and run the script again. This should work fine.