Nodejs https request UNABLE_TO_GET_ISSUER_CERT_LOCALLY

After some study i found that this is a problem of the server that i'm trying to make the https request to.

Node https cannot find the ssl ISSUER_CERT on the private.service server and so it throw that exception.

The solution i used, since i'm sure i can trust that server, was to add

            rejectUnauthorized: false

to the options of the https request, this way node will not throw an exception in case of certificates problem.

Anyway this solution is valid only if you know you can trust the host of your request, otherwise it's probably not the best solution.


There is a reason for SSL. Besides other features, it authenticates that you are really communicating with the server identified by private.service.com hostname. Otherwise your client software can be cheated by a Man-in-the-Middle attack.

First when anyone encounters this issue, they should update system root SSL certificates. In Debian they are contained in ca-certificates apt-get package.

If it doesn't help, the server probably uses an issuer certificate, which is not trusted by default worldwide PKI infrastructure. In this case the client should compare the certificate public key signature with a preshared value. This is known as "certificate pinning".

Specifically to your error, if it worked before, it is possible that the server certificate has expired. The server should renew it. As a temporary solution, you can turn off PKI validation by rejectUnauthorized option. However you should use it together with the pinning approach. In NodeJS, you can get the server certificate fingerprint from res.socket.getPeerCertificate().fingerprint.


After a reasearch this solved the problem:

npm set strict-ssl=false

Hope it helps.

Tags:

Ssl

Https

Node.Js