2

Edit: I originally thought the server's certificate was self signed. Turns out it was signed by a self-signed CA certificate.

I'm trying to write a Node.js application that accesses an HTTPS site that's protected using a certificate signed by a private, self-signed CA certificate. I'd also like to not completely disable certificate checking.

I tried putting the server's certificate in the request options, but that doesn't seem to be working. Anyone know how to do this?

I expect the following code to print `statusCode 200`, but instead it prints `[Error: SELF_SIGNED_CERT_IN_CHAIN]`.

I've tried similar code with `request` with the same results.

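```javascript
var https = require('https');
var fs = require('fs');

// `host` and `serverCertificateFile` are not shown in the post.
var opts = {
    hostname: host,
    port: 443,
    path: '/',
    method: 'GET',
    // The server's own certificate, as described above (not the CA's).
    ca: fs.readFileSync(serverCertificateFile, 'utf-8')
};

var req = https.request(opts, function (res) {
    console.log('statusCode', res.statusCode);
});

req.end();
req.on('error', function (err) {
    // Prints [Error: SELF_SIGNED_CERT_IN_CHAIN] with the options above.
    console.error(err);
});
```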
leedm777
  • I think this may be of use to you: http://stackoverflow.com/questions/10142431/my-node-js-https-client-always-works-regardless-of-certificate-validity – vcazan Jun 10 '14 at 13:55
  • @vcazan I tried adding both `agent: false` and `opts.agent = new https.Agent(opts);`, and neither one worked :-( – leedm777 Jun 10 '14 at 16:03
  • Are you sure you have the right certificate? Your code works for me with a self signed certificate. If I read a different (incorrect) certificate for `opts.ca` then I get `[Error: DEPTH_ZERO_SELF_SIGNED_CERT]`. – rhashimoto Jun 10 '14 at 22:10
  • @rhashimoto I think that was the hint I needed. It's not that the HTTPS certificate was self signed, but the server certificate was self signed. Thanks! – leedm777 Jun 11 '14 at 03:07

1 Answer

1

The error `[Error: SELF_SIGNED_CERT_IN_CHAIN]` is the clue to what's going on here.

That's an indication that the HTTPS server's certificate was signed by a self signed certificate, not that it's a self signed certificate itself. If the server certificate were self signed, the error would be `[Error: DEPTH_ZERO_SELF_SIGNED_CERT]`.

If you provide the CA certificate instead of the server's certificate, it should work.

leedm777
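A pre-flight check for the fix described in the answer, as an added example that is not part of the original post: it inspects a PEM file before it is used as the `ca` option and maps the two error codes discussed above to their cause. The helper names (`inspectCaCandidate`, `buildOptions`, `explainTlsError`) are hypothetical, and it assumes a Node.js version that provides `crypto.X509Certificate`.

```javascript
// Added example, not code from the original post. Helper names are hypothetical.
const crypto = require('crypto');
const tls = require('tls');

// What each verification error says about the certificate chain.
const HINTS = {
  DEPTH_ZERO_SELF_SIGNED_CERT:
    'the server certificate itself is self-signed and is not in `ca`',
  SELF_SIGNED_CERT_IN_CHAIN:
    'the chain ends in a self-signed CA that is not in `ca`; supply that CA certificate',
};

// Newer Node versions set err.code; the output in the question carries the
// code in err.message, so both are checked.
function explainTlsError(err) {
  const key = err && (err.code || err.message);
  return HINTS[key] || 'not one of the self-signed verification errors';
}

// Report who issued a PEM certificate and whether it is self-signed.
function inspectCaCandidate(pem) {
  const cert = new crypto.X509Certificate(pem);
  let selfSigned = false;
  if (cert.subject === cert.issuer) {
    try {
      selfSigned = cert.verify(cert.publicKey);
    } catch (e) {
      selfSigned = false; // unsupported key or signature algorithm
    }
  }
  // `ca` (basicConstraints CA flag) is undefined on older Node versions.
  return { subject: cert.subject, issuer: cert.issuer, selfSigned, isCa: cert.ca === true };
}

// Build https.request options, refusing a certificate that was issued by
// something else (for example the server's leaf certificate).
function buildOptions(hostname, caPem) {
  const info = inspectCaCandidate(caPem);
  if (!info.selfSigned) {
    throw new Error('not a self-signed certificate; issued by: ' + info.issuer);
  }
  // Note: setting `ca` replaces Node's default root list for this request.
  return { hostname, port: 443, path: '/', method: 'GET', ca: caPem };
}

// Usage (caCertificateFile is a placeholder path):
//   https.request(buildOptions(host, fs.readFileSync(caCertificateFile, 'utf-8')), cb)
```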