HTTP.get generates a SELF_SIGNED_CERT_IN_CHAIN error

[bluemonk]

Hello,

the following code

if (Meteor.isServer) {
  Meteor.startup(function () {
    var result = HTTP.get("https://server/url",
              {headers: {"Accept": "application/vnd.com.cisco.ise.identity.endpoint.1.0+xml"}, 
               auth: "user:pass"});
  });
}

generates the following error

Error: SELF_SIGNED_CERT_IN_CHAIN

is it a known issue with Self Signed certificates? Am I doing something wrong with the options?

[glasser]

Sounds like you have a self-signed certificate in your chain? By default a good HTTPS library ought to be wary of such things and only trust certificates with a known root.

If you need more subtle control over your https requests, I recommend using the request npm module.

[bluemonk]

I understand and appreciate it. Thanks for taking the time to answer.

It is very common for companies and enterprises to have their certificates issued by an internal CA, since they do not plan to expose their services to the internet. Moreover, a self-signed certificate could be handy when starting up a new project.

Do you think it would be a good idea to maybe have an option to explicitly accept self-signed certificates, disabled by default like it is today?

[bluemonk]

For future reference, adding

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

at the beginning of the file proved to be an effective workaround. Not ideal, but it's working.

[tagrudev]

I have absolutely the same problem - points are valid @bluemonk (Moreover, a self-signed certificate could be handy when starting up a new project).

@bluemonk did you manage to find a workaround ?

[bluemonk]

Yes I've posted it just above.

[tagrudev]

You've added that to the specific route ?

[dandv]

@bluemonk - maybe this request will help convince MDG to pass-through unknown HTTP options to the underlying module.

[deligence]

@bluemonk - It helps and resolve my issue as well, Thanks