-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error: unable to get local issuer certificate #65
Comments
nodejs/node#8334 looks like is a compile time option 👎 |
hi, thanks for the report! I'm very close to a release candidate which will have cli options to set TLS options like |
That's awesome. I'll definitely try it as soon as it's available. There is one awful workaround I hesitate to mention but it is setting the env var:
I wish Node itself would let us set an env variable to specify CA, but that is another story... Cheers! |
Hi, I'm planning to look at this tonight. The issue comes from the rewrite middleware which is proxying The proxy request is complaining as the certificate supplied by your internal API server was issued by a CA it can't verify. There are two solutions i can think of:
Option 1 is the clear favourite, unless you have any reasons otherwise. Let me know. |
hmmm... something about ignoring TLS/cert issues just doesn't sit well, but I guess the point of this tool is to run an app locally, and you should know what you're proxying to for your backend APIs, so in a way, you really should know better. Or at least, you ought to know what you're proxying to... Given that assumption and option 1 is probably a heck of a lot easier to implement, yeah I can see where that would be a better choice. The only argument really is of course, as you say, 100% verified TLS link. How important is that when developing a JS lib locally against a set of backend APIs? Only users of this library can say for sure. I'll be good with whatever you decide :) 👍 |
i released v2.0.0-pre.4 which ignores CA verification issues by default.. as
However, i'm not finished there. I will make proxy requests fully configurable in the future so users that want strict TLS can have it, passing in CA certificate chains etc. |
Just tested it and it works great. Kudos! 💯 btw, love the more verbose output when using |
Using versions:
Say I have a backend server whose ssl cert was signed by my internal org's root ca. I have a rewrite rule here like so:
We get the following errors:
I think the problem is that node apparently hard codes its certificate authorities:
And there's a global option to supply your own ca certs file:
https.globalAgent.options.ca
Do you think we could have something like:
which would set that global option?
The text was updated successfully, but these errors were encountered: