Join GitHub today
Error: unable to get local issuer certificate #65
Say I have a backend server whose ssl cert was signed by my internal org's root ca. I have a rewrite rule here like so:
We get the following errors:
I think the problem is that node apparently hard codes its certificate authorities:
And there's a global option to supply your own ca certs file:
Do you think we could have something like:
which would set that global option?
That's awesome. I'll definitely try it as soon as it's available.
There is one awful workaround I hesitate to mention but it is setting the env var:
I wish Node itself would let us set an env variable to specify CA, but that is another story...
Hi, I'm planning to look at this tonight.
The issue comes from the rewrite middleware which is proxying
The proxy request is complaining as the certificate supplied by your internal API server was issued by a CA it can't verify. There are two solutions i can think of:
Option 1 is the clear favourite, unless you have any reasons otherwise. Let me know.
hmmm... something about ignoring TLS/cert issues just doesn't sit well, but I guess the point of this tool is to run an app locally, and you should know what you're proxying to for your backend APIs, so in a way, you really should know better. Or at least, you ought to know what you're proxying to...
Given that assumption and option 1 is probably a heck of a lot easier to implement, yeah I can see where that would be a better choice.
The only argument really is of course, as you say, 100% verified TLS link. How important is that when developing a JS lib locally against a set of backend APIs? Only users of this library can say for sure.
I'll be good with whatever you decide :)
i released v2.0.0-pre.4 which ignores CA verification issues by default.. as
However, i'm not finished there. I will make proxy requests fully configurable in the future so users that want strict TLS can have it, passing in CA certificate chains etc.