0

I have created a certificate using IBM Certificate Manager which provides me with a cert.pem, cert.key and cert_intermediate.pem files. I'm including them in a NodeJS app using the request library. I take the files, convert them to a single string with \n after each line and include them in the headers "ca" (using the content of cert_intermediate.pem), "cert" (using the content of cert.pem) and "key" (using the content of cert.key).

When I make a request, I get the following error:

{ Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1088:34)
at TLSSocket.emit (events.js:198:13)
at TLSSocket._finishInit (_tls_wrap.js:666:8) code: 'SELF_SIGNED_CERT_IN_CHAIN' }

What could I be doing wrong?

Thanks, Troy

Troy
  • 188
  • 8
  • If I only send the cert header with the content of the cert.pem file, then I don't get the TLS self-signed certificate error. Maybe I don't need to send the ca and key header. Also having the key header be the private key content sounds odd to me. – Troy May 03 '21 at 19:04

1 Answers1

0

A client should not be familiar with private keys and certificates! They are server assets.
You need to use your certificates and private key in your server configuration.
In a client request, you may use an intermediate certificate, and this needed only if the client doesn't have your root ca

Tantre
  • 33
  • 2
  • 9
  • This is intended for client authentication with a proxy. So, in this case, the proxy is validating that the request is from a trusted source and will pass the request on to a server behind the firewall. So the client does need to know about the certificate since it is the one initiating the request through a proxy. – Troy May 04 '21 at 17:56