0

The folder structure is like this, and the root of the client and server folders is itself.

app
 |- client 
 |- server

The request header contains the httpAgent property and the nodejs server sent an import request to a website that requires a public certificate, but the following error appears

  cause: Error: unable to get local issuer certificate
      at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
      at TLSSocket.emit (node:events:520:28)
      at TLSSocket._finishInit (node:_tls_wrap:944:8)
      at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
    code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
  }

The homepage that receives my request is made with php.

> npm config set cafile "openSSL.pem"

> npm config ls -l

> ca = null 
  ; cafile = null ; overridden by user
  cafile = "/Users/user/app/server/AlphaSSL CA - SHA256 - G2.pem"

const httpsAgent = https.Agent({
  ca: "/AlphaSSL CA - SHA256 - G2",
  keepAlive: true,
});
module.exports = async (req, res) => {
  const mealsPage = await axios({
    method: "get",
    baseURL: "baseURL",
    url: "url",
    withCredentials: true,
    httpsAgent: httpsAgent,
  });

+++ not occur error

const httpsAgent = https.Agent({
  ca: fs.readFileSync("GlobalSign Root CA.pem"),
  keepAlive: true,
});

why occur error? cause: Error: unable to get issuer certificate

const httpsAgent = https.Agent({
  ca: fs.readFileSync("AlphaSSL CA - SHA256 - G2.pem"),
  keepAlive: true,
});

page root certificate is GlobalSign Root CA.pem, middle certificate is AlphaSSL CA - SHA256 - G2.pem.

최석규
  • 46
  • 5
  • I think your certificate (used in php server) is not trusted by your client (nodejs). You need to test that first. This may help: https://stackoverflow.com/questions/29283040/how-to-add-custom-certificate-authority-ca-to-nodejs – MuaazH Oct 31 '22 at 16:47
  • where file path must in project root ? either keychains folder?NODE_EXTRA_CA_CERTS= >> file < – 최석규 Oct 31 '22 at 17:39
  • You tell me where the file is. This is a file related to your php server. You can put it wherever you want. If you don't have it or you're not sure what it is, that's another story. You can use your the browser to download the CA your php server is using. – MuaazH Oct 31 '22 at 17:44
  • I have the root chain and intermediate chain files that the PHP server is using. But PHP server is our school homepage. – 최석규 Nov 01 '22 at 02:16

1 Answers1

0

page root certificate is GlobalSign Root CA.pem, middle certificate is AlphaSSL CA - SHA256 - G2.pem.

You answered your own question. AlphaSSL CA is just an intermediate certificate, it is not the root certificate.

Maybe it's because the intermediate certificate is not marked as a CA, therefor it can't be used as a CA.

MuaazH
  • 152
  • 14