nodejs - error self signed certificate in certificate chain
Solution 1
Option 1: Disable the warning (useful for dev)
From your question I'm guessing you are doing this in development as you are using a self signed certificate for SSL communication.
If that's the case, add as an environment variable wherever you are running node
export NODE_TLS_REJECT_UNAUTHORIZED='0'
node app.js
or running node directly with
NODE_TLS_REJECT_UNAUTHORIZED='0' node app.js
This instructs Node to allow untrusted certificates (untrusted = not verified by a certificate authority).
If you don't want to set an environment variable or need to do this for multiple applications, npm has a strict-ssl config you set to false:
npm config set strict-ssl=false
Option 2: Load in CA cert, like postman (useful for testing with TLS)
If you have a CA cert already like the poster @kDoyle mentioned then you can configure in each request (thanks @nic ferrier).
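const fs = require('fs');
const https = require('https');

// `listener` is assumed to be an https.Server already listening on localhost
let opts = {
    method: 'GET',
    hostname: "localhost",
    port: listener.address().port,
    path: '/',
    // trust this CA for the request; certificate verification stays enabled
    ca: fs.readFileSync("cacert.pem")
};
https.request(opts, (response) => { }).end();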
Option 3: Use a proper SSL Cert from a trusted source (useful for production)
letsencrypt.org is free, easy to set up and the keys can be automatically rotated. https://letsencrypt.org/docs/
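Option 2 keeps verification on, but in Node the `ca` option replaces the bundled root store rather than adding to it. The following is an added example, not code from any answer on this page, that builds options trusting a private CA alongside the public roots and scopes them to one agent; the helper names and the placeholder PEM are assumptions made for illustration.

```javascript
// Added example: trust a private CA for one client while leaving
// certificate verification switched on.
const https = require('https');
const tls = require('tls');

// Constructed placeholder. In real use: fs.readFileSync('cacert.pem', 'utf8').
const PLACEHOLDER_CA_PEM = [
  '-----BEGIN CERTIFICATE-----',
  '(constructed placeholder, not a real certificate)',
  '-----END CERTIFICATE-----',
].join('\n');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Hypothetical helper: TLS options that add the private CA to the trust store.
function buildTrustOptions(caPem, { keepPublicRoots = true } = {}) {
  // Accepts a string or Buffer; a bundle may hold several certificates.
  const privateCas = String(caPem).match(PEM_CERT) || [];
  if (privateCas.length === 0) {
    throw new Error('no PEM certificate found in CA input');
  }
  // Setting `ca` replaces Node's bundled root store, so add the bundled roots
  // back when the same client also talks to publicly trusted hosts.
  const roots = keepPublicRoots ? tls.rootCertificates : [];
  return { ca: [...roots, ...privateCas], rejectUnauthorized: true };
}

// Scope the trust decision to one agent instead of the whole process.
function buildTrustedAgent(caPem, options) {
  return new https.Agent(buildTrustOptions(caPem, options));
}

// True when the process-wide bypass from Option 1 is active.
function verificationDisabledGlobally(env = process.env) {
  return env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
}
```

Pass the agent as `agent` in the `https.request` options; with `keepPublicRoots: false` the client trusts only the private CA.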
Solution 2
You can fix this issue using NODE_TLS_REJECT_UNAUTHORIZED=0 in the terminal or inserting the following line within the JS file.
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;
Beware that this is a hack and it should not be used in production.
If you are using Windows then run the following command in the command prompt:
set NODE_TLS_REJECT_UNAUTHORIZED=0
After that, npm install <my-package> will work.
Solution 3
You can run the command npm config set strict-ssl false
Solution 4
For Nodemailer:
adding
tls: {
    rejectUnauthorized: false
}
solved my problem.
Overall code looks like this:
const nodemailer = require('nodemailer');

nodemailer.createTransport({
    host: process.env.MAIL_SERVER,
    secure: false,
    port: 587,
    auth: {
        user: process.env.MAIL_USERNAME,
        pass: process.env.MAIL_PASSWORD
    },
    // disables certificate verification for the SMTP connection
    tls: {
        rejectUnauthorized: false
    }
});
Solution 5
You just add this line at the start of your code:
process.env.NODE_TLS_REJECT_UNAUTHORIZED='0'
And everything is solved, but in any case it is not recommended; I am investigating the solution of https://letsencrypt.org/
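The answers above switch verification off in three ways: the NODE_TLS_REJECT_UNAUTHORIZED variable, `rejectUnauthorized: false`, and npm's strict-ssl setting. The following is an added example, not part of any answer, that scans text files for those three settings so a development-only workaround can be found before it ships; the file names and contents are constructed sample input.

```javascript
// Added example: find the TLS-verification bypasses discussed on this page.
const RULES = [
  // export/set/inline NODE_TLS_REJECT_UNAUTHORIZED=0 and process.env assignments
  { id: 'node-env-bypass',
    re: /NODE_TLS_REJECT_UNAUTHORIZED['"]?\]?\s*=\s*['"]?0['"]?(?!\d)/ },
  // per-connection option used with https, tls and Nodemailer
  { id: 'reject-unauthorized-false',
    re: /rejectUnauthorized['"]?\s*:\s*false\b/ },
  // npm config: "npm config set strict-ssl false" or an .npmrc line
  { id: 'npm-strict-ssl-off',
    re: /strict-ssl[\s=]+false\b/ },
];

// Constructed sample input: file name -> file content.
const SAMPLE_FILES = {
  'start.sh': "export NODE_TLS_REJECT_UNAUTHORIZED='0'\nnode app.js\n",
  'mailer.js': 'nodemailer.createTransport({\n  port: 587,\n  tls: {\n' +
               '    rejectUnauthorized: false\n  }\n});\n',
  '.npmrc': 'registry=https://registry.npmjs.org/\nstrict-ssl=false\n',
  'client.js': "const opts = { ca: fs.readFileSync('cacert.pem'), " +
               'rejectUnauthorized: true };\n',
};

// Returns one finding per (line, rule) match, in file and line order.
function scanForTlsBypasses(files) {
  const findings = [];
  for (const [file, content] of Object.entries(files)) {
    content.split(/\r?\n/).forEach((text, index) => {
      for (const rule of RULES) {
        if (rule.re.test(text)) {
          findings.push({ file, line: index + 1, rule: rule.id, text: text.trim() });
        }
      }
    });
  }
  return findings;
}

for (const f of scanForTlsBypasses(SAMPLE_FILES)) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.text}`);
}
```

Comparisons such as `=== '0'` are not flagged, only assignments, so code that merely checks for the variable passes the scan.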
kDoyle
Updated on November 19, 2021
Comments
-
kDoyle over 2 years
I am facing a problem with client side https requests.
A snippet can look like this:
var fs = require('fs');
var https = require('https');
var options = {
    hostname: 'someHostName.com',
    port: 443,
    path: '/path',
    method: 'GET',
    key: fs.readFileSync('key.key'),
    cert: fs.readFileSync('certificate.crt')
};
var requestGet = https.request(options, function(res){
    console.log('resObj', res);
});
requestGet.end();
What I get is Error: self signed certificate in certificate chain.
When I use Postman I can import the client certificate and key and use it without any problem. Is there any solution available? I would also like to be given some light on how Postman handles the certificates and works.
-
kDoyle almost 7 years
If I understand you correctly, setting that env_var in server will only disable the process of verification, which is something I don't want to do. I need to only do what postman does i.e. to import somehow the certificate.
-
Peter Grainger almost 7 years
Is the value you gave here: cert: fs.readFileSync('certificate.crt') the absolute location of the cert?
-
Peter Grainger almost 7 years
Also two things you have to think about, the CN needs to be the same as the domain you are trying to use and 2 that your openssl package needs to be 1.0.2+ or you could just use a free CA letsencrypt.org
-
kDoyle almost 7 years
It seems that I misunderstood the rejection. It was meant to be done in client side and everything works like charm. Thank you and I accept the answer.
-
Anthony Roberts over 5 years
I can't believe I finally found something to stop this error. I f'ing tried everything. worked on Jan.31.19,
-
Howdy almost 5 years
I am getting this error on npm install @angular/fire firebase --save. Is it possible to update the answer to fix all node npm related issues?
-
Peter Grainger over 4 years
@llaaalu do you mean change the wording of the answer so others who are using something other than node can find it useful?
-
armyofda12mnkeys over 4 years
Which is better: above NODE_TLS_REJECT_UNAUTHORIZED=0 env variable or below "npm config set strict-ssl=false" solution. Just curious what's more kosher.
-
Peter Grainger over 4 years
@armyofda12mnkeys I think it depends on your setup. It's easier to add the Environment variable to the source code either as a developer only npm script or when running a docker container so others using your project don't run into the same issue. Setting the npm config is probably better if you aren't in a team or just coding for fun as then you don't need to keep setting it everywhere, you only have to do it once
-
GGEv over 4 years
it didn't work for me but the spirit is the same, I posted my answer below
-
Badri Paudel almost 4 years
It works, but I think it's a temporary solution only for our app up and running. It gives the following warning Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
-
TheRealFakeNews over 3 years
Should be
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
-
RushPL over 3 years
What was the thing that your IT had to disable?
-
Wadi Diaz-wong over 3 years
This worked (number), didn't do the string version, I am running node.js on windows.
-
Nesho Neshev about 3 years
@PeterGrainger, since this is the most up voted answer now, would you please add at the end that for self-signed certs in production, it is best to use the ca options property - the way Nic answered it below? I believe this is closer to the Postman workaround mentioned in the question.
-
Asif K over 2 years
thanks. option 1 worked for me. npm config set strict-ssl=false
-
imvanzen over 2 years
This is exactly what I was looking for. Thanks
-
st.huber over 2 years
This is the best option and does not compromise on security!
-
Kishore over 2 years
both work, First one (number) worked for me. (centos)
-
Salim Shamim over 2 years
I am getting error while using SelfSigned cert for ftp on windows and using ftp npm module. Is the solution different for it?
-
WISERDIVISOR over 2 years
THAAAAAAANKKKSSSSS