nodejs - error self signed certificate in certificate chain


Solution 1

Option 1: Disable the warning (useful for dev)

From your question I'm guessing you are doing this in development as you are using a self signed certificate for SSL communication.

If that's the case, add as an environment variable wherever you are running node

export NODE_TLS_REJECT_UNAUTHORIZED='0'
node app.js

or running node directly with

NODE_TLS_REJECT_UNAUTHORIZED='0' node app.js

This instructs Node to allow untrusted certificates (untrusted = not verified by a certificate authority).

If you don't want to set an environment variable, or need to do this for multiple applications, npm has a strict-ssl config you can set to false:

npm config set strict-ssl=false

Option 2: Load in CA cert, like postman (useful for testing with TLS)

If you have a CA cert already like the poster @kDoyle mentioned then you can configure in each request (thanks @nic ferrier).

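const fs = require('fs');
const https = require('https');

// `listener` is assumed to be an https.Server already listening locally
// (it is not defined in this snippet).
let opts = {
  method: 'GET',
  hostname: "localhost",
  port: listener.address().port,
  path: '/',
  // Trust this CA for the request; certificate verification stays enabled.
  ca: fs.readFileSync("cacert.pem")
};

https.request(opts, (response) => { }).end();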

Option 3: Use a proper SSL Cert from a trusted source (useful for production)

letsencrypt.org is free, easy to set up and the keys can be automatically rotated. https://letsencrypt.org/docs/

Solution 2

You can fix this issue using NODE_TLS_REJECT_UNAUTHORIZED=0 in the terminal or inserting the following line within the JS file.

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;

Beware that this is a hack and it should not be used in production.

If you are using Windows then run the following command in the command prompt:

set NODE_TLS_REJECT_UNAUTHORIZED=0

After that, npm install <my-package> will work.

Solution 3

You can run the command npm config set strict-ssl false

Solution 4

For Nodemailer:

adding

tls: {
  rejectUnauthorized: false
}

solved my problem.

Overall code looks like this:

nodemailer.createTransport({
    host: process.env.MAIL_SERVER,
    secure: false,
    port: 587,
    auth: {
      user: process.env.MAIL_USERNAME,
      pass: process.env.MAIL_PASSWORD
    },
    tls: {
      // turns off certificate verification for this transport
      rejectUnauthorized: false
    }
  });

Solution 5

You just add this line at the start of your code:

process.env.NODE_TLS_REJECT_UNAUTHORIZED='0'

And everything is solved, but in any case it is not recommended; I am investigating the solution of https://letsencrypt.org/

Author by

kDoyle

Updated on November 19, 2021

Comments

  • kDoyle
    kDoyle over 2 years

    I am facing a problem with client side https requests.

    A snippet can look like this:

    var fs = require('fs');
    var https = require('https');
    
    var options = {
        hostname: 'someHostName.com',
        port: 443,
        path: '/path',
        method: 'GET',
        key: fs.readFileSync('key.key'),
        cert: fs.readFileSync('certificate.crt')
    }
    
    var requestGet = https.request(options, function(res){
        console.log('resObj', res);
    });
    requestGet.end(); // send the request
    

    What I get is Error: self signed certificate in certificate chain.

    When I use Postman I can import the client certificate and key and use it without any problem. Is there any solution available? I would also like to be given some light on how Postman handles the certificates and works.

  • kDoyle
    kDoyle almost 7 years
    If I understand you correctly, setting that env_var in server will only disable the process of verification, which is something I don't want to do. I need to only do what postman does i.e. to import somehow the certificate.
  • Peter Grainger
    Peter Grainger almost 7 years
    is the value you gave here: cert: fs.readFileSync('certificate.crt') the absolute location of the cert?
  • Peter Grainger
    Peter Grainger almost 7 years
    Also two things you have to think about, the CN needs to be the same as the domain you are trying to use and 2 that your openssl package needs to be 1.0.2+ or you could just use a free CA letsencrypt.org
  • kDoyle
    kDoyle almost 7 years
    It seems that I misunderstood the rejection. It was meant to be done in client side and everything works like charm. Thank you and I accept the answer.
  • Anthony Roberts
    Anthony Roberts over 5 years
    I can't believe I finally found something to stop this error. I f'ing tried everything. worked on Jan.31.19,
  • Howdy
    Howdy almost 5 years
    I am getting this error on npm install @angular/fire firebase --save. Is it possible to update the answer to fix all node npm related issues?
  • Peter Grainger
    Peter Grainger over 4 years
    @llaaalu do you mean change the wording of the answer so others who are using something other than node can find it useful?
  • armyofda12mnkeys
    armyofda12mnkeys over 4 years
    Which is better: above NODE_TLS_REJECT_UNAUTHORIZED=0 env variable or below "npm config set strict-ssl=false" solution? Just curious what's more kosher.
  • Peter Grainger
    Peter Grainger over 4 years
    @armyofda12mnkeys I think it depends on your setup. It's easier to add the Environment variable to the source code either as a developer only npm script or when running a docker container so others using your project don't run into the same issue. Setting the npm config is probably better if you aren't in a team or just coding for fun as then you don't need to keep setting it everywhere, you only have to do it once
  • GGEv
    GGEv over 4 years
    it didn't work for me but the spirit is the same, I posted my answer below
  • Badri Paudel
    Badri Paudel almost 4 years
    It works, but I think it's a temporary solution only for getting our app up and running. It gives the following warning: Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
  • TheRealFakeNews
    TheRealFakeNews over 3 years
    Should be process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
  • RushPL
    RushPL over 3 years
    What was the thing that your IT had to disable?
  • Wadi Diaz-wong
    Wadi Diaz-wong over 3 years
    This worked (number), didn't do the string version, I am running node.js on windows.
  • Nesho Neshev
    Nesho Neshev about 3 years
    @PeterGrainger, since this is the most up voted answer now, would you please add at the end that for self-signed certs in production, it is best to use the ca options property - the way Nic answered it below? I believe this is closer to the Postman workaround mentioned in the question.
  • Asif K
    Asif K over 2 years
    thanks. option 1 worked for me. npm config set strict-ssl=false
  • imvanzen
    imvanzen over 2 years
    This is exactly what I was looking for. Thanks
  • st.huber
    st.huber over 2 years
    This is the best option and does not compromise on security!
  • Kishore
    Kishore over 2 years
    Both work. The first one (number) worked for me. (centos)
  • Salim Shamim
    Salim Shamim over 2 years
    I am getting error while using SelfSigned cert for ftp on windows and using ftp npm module. Is the solution different for it ?
  • WISERDIVISOR
    WISERDIVISOR over 2 years
    THAAAAAAANKKKSSSSS