Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error: unable to get local issuer certificate

See original GitHub issue

Using versions:

$ ws --version && node --version && npm --version
2.0.0-pre.1
v8.0.0
5.0.3

Say I have a backend server whose ssl cert was signed by my internal org’s root ca. I have a rewrite rule here like so:

$ ws -r '/path/* -> https://__internal.hostname__/path/$1' -v --config
{ port: 8000,
  stack:
   [ [Function: Log],
     [Function: Cors],
     [Function: Json],
     [Function: Rewrite],
     [Function: BodyParser],
     [Function: Blacklist],
     [Function: ConditionalGet],
     [Function: Mime],
     [Function: Compress],
     [Function: MockResponse],
     [Function: SPA],
     [Function: Static],
     [Function: Index] ],
  rewrite: [ '/path/* -> https:/__internal.hostname__/path/$1' ],
  verbose: true,
  config: true }

We get the following errors:

$ ws -r '/ta/* -> https://__internal.hostname__/path/$1' -v --https
Serving at https://__MY_HOST__:8000, https://__IP ADDR__:8000, https://__IP ADDR__:8000, https://__IP ADDR__:8000, https://127.0.0.1:8000
GET /example/ 200 9.899 ms - 927
GET /favicon.ico 404 6.632 ms - 9
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 34.836 ms - 21
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 46.020 ms - 21
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 52.791 ms - 21
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 60.247 ms - 21
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 43.301 ms - 21
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 43.349 ms - 21
Rewrite 'POST /path/to/api -> POST https://__internal.hostname__/path/to/api'
Error: unable to get local issuer certificate
POST /path/to/api 500 46.108 ms - 21
Error: unable to get local issuer certificate
POST /path/to/api 500 1065.275 ms - 21

I think the problem is that node apparently hard codes its certificate authorities:

And there’s a global option to supply your own ca certs file: https.globalAgent.options.ca

Do you think we could have something like:

ws -ca '/path/to/ca'

which would set that global option?

Issue Analytics

State:
Created 6 years ago
Comments:7 (3 by maintainers)

Top GitHub Comments

1reaction

djKianooshcommented, Jun 21, 2017

Just tested it and it works great. Kudos! 💯

btw, love the more verbose output when using -v 👍

1reaction

djKianooshcommented, Jun 19, 2017

hmmm… something about ignoring TLS/cert issues just doesn’t sit well, but I guess the point of this tool is to run an app locally, and you should know what you’re proxying to for your backend APIs, so in a way, you really should know better. Or at least, you ought to know what you’re proxying to…

Given that assumption and option 1 is probably a heck of a lot easier to implement, yeah I can see where that would be a better choice.

The only argument really is of course, as you say, 100% verified TLS link. How important is that when developing a JS lib locally against a set of backend APIs? Only users of this library can say for sure.

I’ll be good with whatever you decide 😃 👍