Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to verify the first certificate #141

Open
yohanntran opened this issue Jun 15, 2021 · 2 comments
Open

Unable to verify the first certificate #141

yohanntran opened this issue Jun 15, 2021 · 2 comments

Comments

@yohanntran
Copy link

Hi everyone,

I use node-ews to send message with ExchangeWeb Service but i have a problem.
When i use my 4G i can send message (because certificate is allow by default)
But i when i want use the network of my company, i can't. I read this error (unable to verify the first certificate).

I search and i found some solution like that : process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
but it's a ungly solution. I want solve the problem properly. I have the certificate of my company in .crt.

My question : Do you have implemente a function to pass in parameter the certificate ? or do you have an other solution ?

I'm French, sorry for my french expression.
Thank to developpe this library, it's very helpfull.

Yohann
@yohanntran
Copy link
Author

Hi everyone,

I find a solution which seems good but it's don't work.
I try to do that in shell :
export NODE_EXTRA_CA_CERTS=["xxxx/xxxx.crt"]

but :
$ node index.js
Warning: Ignoring extra certs from [xxxx/xxxx.crt], load failed: error:0200107B:system library:fopen:Unknown
error
app is running

@yohanntran
Copy link
Author

I find the solution.

My problem :
The certificate was wrong. You should go to the good website and download the certificate like that :
https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2

After, you should enter in shell :
NODE_EXTRA_CA_CERTS="C:/xxxx.pem" without export term with a great link (no relative to start and safety)

Normaly, the probleme is solve.

But you can try that if it's not the case in the code .js:
const https = require('https');
const fs = require('fs');

const trustedCa = [
'C:/xxxx.pem'
];

https.globalAgent.options.ca = [];
for (const ca of trustedCa) {
https.globalAgent.options.ca.push(fs.readFileSync(ca));
}

or in the shell command
npm config set cafile "path-to-my-cert.pem"
npm config ls -l

and you can test the connexion with (in the code .js):
const https = require('https');
const options = {
hostname: 'web_site_link',
port: 443,
path: '/',
method: 'GET'
};

const req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);

res.on('data', (d) => {
process.stdout.write(d);
});
});

req.on('error', (e) => {
console.error(e);
});
req.end();

SOURCE :
https://stackoverflow.com/questions/44459971/nodejs-environment-variable-node-extra-ca-certs
https://www.gatsbyjs.com/docs/how-to/local-development/configuring-ca-certificates/
DOCUMENTATION NODE JS : https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file
https://medium.com/priceline-labs/solved-pm2-and-a-private-ca-110d63c51b01
https://stackoverflow.com/questions/29283040/how-to-add-custom-certificate-authority-ca-to-nodejs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yohanntran