0

I am not able to use fetch or axios in my nodejs program. I am getting an error. error

I am not able to install any packages using npm. I've tried using python's request method also I am getting the same error "Unable to verify the first certificate".

I've tried this *Error: unable to verify the first certificate in nodejs * But it didn't work.

Nabeel Parve
  • 3
  • 3
  • In the shared image your password is showed. Obfuscate it!! Also your error is not related to axios or fetch. – JRichardsz Jul 14 '23 at 14:12

1 Answers1

0

Meta: Not a full answer and possibly not even a development problem, but won't reasonably fit in comments. I will delete if necessary.

If this or certain other cert-chain error(s) occurs on attempted connections to multiple valid hosts, it is most likely due to something on your machine (especially if Windows) or in the network you use (especially if a business, organization, or school) intercepting HTTPS traffic and doing so badly. This is often an 'endpoint security' or 'anti-virus' product or an IDS or IPS (Intrusion Detection or Prevention System) or DLP (Data Loss Prevention) system, but more and more things that need, or claim to need, to inspect traffic keep proliferating.

If you have or can get OpenSSL on your machine, do

openssl s_client -connect {host}:443 -showcerts <NUL:
# or </dev/null on Unix, or Unix emulation like WSL

to see exactly what cert(s) you are getting and compare them to the correct ones for that site. (https://www.ssllabs.com/ssltest is a reliable source for the correct chain(s) with some useful added analysis/commentary.)

Without OpenSSL you can get a pretty good approximation with nodejs like this:

const tls = require('tls'); const host = 'identitytoolkit.googleapis.com'; // change as appropriate
const s = tls.connect({host,port:443,servername:host,rejectUnauthorized:false},()=>{
  var c = s.getPeerCertificate(true), p;
  do{ console.log(c.subject); console.log(c.issuer); console.log('-----');
    p = c; c = p.issuerCertificate; }while( c && c!=p );
  s.destroy(); } );

On my system (with no interception) the correct output for that host is

{ CN: 'upload.video.google.com' }
{ C: 'US', O: 'Google Trust Services LLC', CN: 'GTS CA 1C3' }
-----
{ C: 'US', O: 'Google Trust Services LLC', CN: 'GTS CA 1C3' }
{ C: 'US', O: 'Google Trust Services LLC', CN: 'GTS Root R1' }
-----
{ C: 'US', O: 'Google Trust Services LLC', CN: 'GTS Root R1' }
{ C: 'BE',
  O: 'GlobalSign nv-sa',
  OU: 'Root CA',
  CN: 'GlobalSign Root CA' }
-----
{ C: 'BE',
  O: 'GlobalSign nv-sa',
  OU: 'Root CA',
  CN: 'GlobalSign Root CA' }
{ C: 'BE',
  O: 'GlobalSign nv-sa',
  OU: 'Root CA',
  CN: 'GlobalSign Root CA' }
-----
dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70
  • I tried running the nodejs script , I got the following output : "[Object: null prototype] { CN: 'upload.video.google.com' } [Object: null prototype] { C: 'EN', CN: 'Sample CA 2' } -----" ................ PS : I am using my personal wifi. – Nabeel Parve Jul 15 '23 at 14:08
  • Thankyou for responding! – Nabeel Parve Jul 15 '23 at 14:10
  • I tried running the openssl command also getting the following output : $ openssl s_client -connect {host}:443 -showcerts – Nabeel Parve Jul 15 '23 at 14:19
  • $ openssl s_client -connect {host}:443 -showcerts : 1740:error:2008F002:BIO routines:BIO_lookup_ex:system lib:../openssl-1.1.1o/crypto/bio/b_addr.c:730:N connect:errno=11001 – Nabeel Parve Jul 15 '23 at 14:19
  • (1) if you use bash that is really WSL or git4win/mingw64 (but not e.g. djgpp) it is a Unix emulation and you use Unix syntax `/dev/null` instead of `NUL:` (2) `{host}` is a placeholder -- put the _actual host name_ there (3) are you sure you copied my (node)js correctly? `.subject` should exist in all certs and `.issuer` should not be an end-entity like upload.video.google.com (although `.subject` _in the first cert_ should) – dave_thompson_085 Jul 15 '23 at 14:38
  • Yes I have copy pasted your node js script as it is – Nabeel Parve Jul 16 '23 at 14:09
  • The problem was because of my antivirus , After uninstalling its working. Thankyou for responding! – Nabeel Parve Jul 16 '23 at 15:44