
I'm trying to make a POST request from a Node/Express server to an ecommerce provider while authenticating with a .PEM certificate, which I converted from a .p12 file using openssl as per their instructions. The provider is supposed to return a unique transaction ID.

I've tried using the Request module as below but I'm getting a "bad certificate" error every time. I've tried with agentOptions, without agentOptions, checked the .pem file is being read correctly, etc.

Error: write EPROTO 140059546118016:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 42


```javascript
const options = {
  url: "https://ecommerce.com:12345/some/route",
  agentOptions: {
    passphrase: process.env.MY_PASSPHRASE,
    ca: fs.readFileSync("./ssl/certificate.pem")
  },
  rejectUnauthorized: false,
  form: {
    amount: 100,
    currency: 981
  }
};

await request.post(options, (err, res, body) => {
  console.log({ err, res, body });
});
```

I'm new to Node.js, and even newer with SSL :( apologies if I'm not explaining or understanding this correctly. Any help/direction will be much appreciated.


SOLVED Sample working code. Using the same exact key in cert and key fields worked for some reason.

```javascript
const fs = require("fs");
const request = require("request-promise");

const options = {
  url: "https://provider.com:18443/some/path",
  headers: {
    "User-Agent": "node.js"
  },
  strictSSL: false,
  form: {
    // currency, language, provider-specific options here
  },
  cert: fs.readFileSync("./ssl/my_key.pem"),
  key: fs.readFileSync("./ssl/my_key.pem"),
  passphrase: process.env.PASSPHRASE
};

const req = await request.post(options, (err, httpResponse, body) => {
  // do stuff with body here
})
```
giverz
  • To help you get started the SSL alert number 42 means the certificate was not sent, which means the handshake failed. – mitchken Aug 26 '19 at 20:02
  • The largest problem will be in the uri not being passed, yet instead url was typed in your options object. – mitchken Aug 26 '19 at 20:05
  • I added a more complete answer on the certificate question you had. – mitchken Aug 26 '19 at 20:06
  • I cannot see where you are using the client certificate and key. These should be given in the `cert` and `key` parameters of `agentOptions`, see [the documentation](https://github.com/request/request#using-optionsagentoptions). – Steffen Ullrich Aug 26 '19 at 20:09
  • @SteffenUllrich @mitchken you were both correct. The cert was not being sent and I had to set it under both `cert` and `key` in the options. In my case using the same .pem file for both worked, which I don't fully understand why, but will look into this. I only had one cert file so was trying either/or. Thanks for your help! – giverz Aug 30 '19 at 10:13
  • I have the same issue with my payment gateway provider can you please share the code that solved your problem – Tabarek Ghassan Jul 17 '20 at 05:59
  • @TabarekGhassan, have edited the question with sample working code at the bottom! – giverz Jul 18 '20 at 08:40
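
An added example, not part of the original post or its comments: a .pem written by `openssl pkcs12` without `-nokeys` or `-nocerts` holds both a certificate block and a private key block, which is why one file can serve as both `cert` and `key`. The sketch below splits such a bundle and builds client TLS options with server verification left on; `splitPemBundle`, `buildClientTlsOptions` and the sample bundle are hypothetical names and constructed data, and the bundle is assumed to list the client's own certificate before any CA certificates.

```javascript
// Added example; function names and the sample bundle are constructed for illustration.
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;

// Constructed sample in the layout `openssl pkcs12 -in x.p12 -out x.pem` writes:
// "Bag Attributes" text, a certificate block and an encrypted private key block.
const SAMPLE_BUNDLE = [
  "Bag Attributes",
  "    friendlyName: constructed-sample",
  "-----BEGIN CERTIFICATE-----",
  "Q09OU1RSVUNURUQtU0FNUExFLUNFUlQ=",
  "-----END CERTIFICATE-----",
  "Bag Attributes",
  "-----BEGIN ENCRYPTED PRIVATE KEY-----",
  "Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==",
  "-----END ENCRYPTED PRIVATE KEY-----",
  ""
].join("\n");

// Separate a combined PEM file into its private key and certificate blocks.
function splitPemBundle(pemText) {
  const out = { key: null, certs: [] };
  for (const m of pemText.matchAll(PEM_BLOCK)) {
    const label = m[1];
    if (label === "CERTIFICATE") {
      out.certs.push(m[0] + "\n");
    } else if (label.endsWith("PRIVATE KEY")) {
      // Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
      if (out.key) throw new Error("more than one private key in bundle");
      out.key = m[0] + "\n";
    }
  }
  return out;
}

// Build options for https.request / https.Agent (or request's agentOptions).
// `ca` is only for verifying the server; it never sends a client certificate.
function buildClientTlsOptions(pemText, passphrase, caPem) {
  const { key, certs } = splitPemBundle(pemText);
  if (!key) throw new Error("no private key block in bundle");
  if (certs.length === 0) throw new Error("no CERTIFICATE block in bundle");
  const opts = { key, cert: certs.join(""), passphrase, rejectUnauthorized: true };
  if (caPem) opts.ca = caPem; // provider's CA, if it is not publicly trusted
  return opts;
}
```

If the provider's server certificate is issued by a private CA, passing that CA as `caPem` keeps verification enabled, which `strictSSL: false` and `rejectUnauthorized: false` turn off.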
