NPM SELF_SIGNED_CERT_IN_CHAIN error


#1

Hi,

This code used to work, but something has changed.
I’m grabbing a file from the web using http.get and getting this error:

http-get error:  { Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (_tls_wrap.js:1049:34)
    at TLSSocket.emit (events.js:182:13)
    at TLSSocket._finishInit (_tls_wrap.js:631:8)
  code: 'SELF_SIGNED_CERT_IN_CHAIN',
  headers:
   { location:
      'https://education.qld.gov.au/about/Documents/qld-school-holidays.ics',
     server: 'BigIP',
     connection: 'close',
     'content-length': '0' },
  url:
   'https://education.qld.gov.au/about/Documents/qld-school-holidays.ics',
  method: 'GET' }

From my mac I can download that file fine using both Safari and Firefox - no certificate errors. Is there a setting in npm that will enable it to be more relaxed about SSL certificates?


#2

Hi @funkydan2 I’m not sure what’s changed; I don’t see anything obvious in the cert chain for that domain that would indicate an SSL problem, although SSL Labs shows a few potential problems.

You should be able to set a custom https.Agent with rejectUnauthorized set to false for this request to allow the self-signed cert.


#3

Thanks. I’m using http-request for this. Is rejectUnauthorized a setting for this library?

Project: https://glitch.com/edit/#!/aussie-school-holidays


#4

According to the docs for http.get() it takes an options param which has a noSslValidation property instead.


#5

Yes, I thought that might have been the parameter. I’ve set it to true, but no change to the error thrown. The function works as expected with other files over http and https.

The code is,

function updateCache(url, file) {
  
  return new Promise(function(resolve, reject) {
    var options = {
      url: url,
      noSslValidation: true};
    
    http.get(options, file, function(err, result) {
      if (err) {
        console.error("http-get error: ", err);
        reject(err);
      } else {
        //update timestamp!
        fs.utimes(file, new Date(), new Date(), function(err) {
          if (err) {
            console.error("Timestamp error: ", err);
          }
        });
        console.log("File downloaded at: " + result.file);
        resolve(result.file);
      }
    });
  });
}

#6

I’m not sure what the real cause of the problem was, but I’ve re-written the function using got, and the errors with the certificate are gone.