问题
I\'m trying to download a file from jira server using an url but I\'m getting an error. how to include certificate in the code to verify Error:
Error: unable to verify the first certificate in nodejs
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:929:36)
at TLSSocket.emit (events.js:104:17)
at TLSSocket._finishInit (_tls_wrap.js:460:8)
My Nodejs code:
var https = require(\"https\");
var fs = require(\'fs\');
var options = {
host: \'jira.example.com\',
path: \'/secure/attachment/206906/update.xlsx\'
};
https.get(options, function (http_res) {
var data = \"\";
http_res.on(\"data\", function (chunk) {
data += chunk;
});
http_res.on(\"end\", function () {
var file = fs.createWriteStream(\"file.xlsx\");
data.pipe(file);
});
});
回答1:
Try adding the appropriate root certificate
This is always going to be a much safer option than just blindly accepting unauthorised end points, which should in turn only be used as a last resort.
This can be as simple as adding
require('https').globalAgent.options.ca = require('ssl-root-cas/latest').create();
to your application.
The SSL Root CAs npm package (as used here) is a very useful package regarding this problem.
回答2:
Another dirty hack, which will make all your requests insecure:
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0
回答3:
for unable to verify the first certificate in nodejs reject unauthorized is needed
request({method: "GET",
"rejectUnauthorized": false,
"url": url,
"headers" : {"Content-Type": "application/json",
function(err,data,body) {
}).pipe(
fs.createWriteStream('file.html'));
回答4:
The server you're trying to download from may be badly configured. Even if it works in your browser, it may not be including all the public certificates in the chain needed for a cache-empty client to verify.
I recommend checking the site in SSLlabs tool: https://www.ssllabs.com/ssltest/
Look for this error:
This server's certificate chain is incomplete.
And this:
Chain issues.........Incomplete
回答5:
You may be able to do this by modifying the request options as below. If you are using a self-signed certificate or a missing intermediary, setting strictSSL to false will not force request package to validate the certificate.
var options = {
host: 'jira.example.com',
path: '/secure/attachment/206906/update.xlsx',
strictSSL: false
}
回答6:
This actually solved it for me, from https://www.npmjs.com/package/ssl-root-cas
// INCORRECT (but might still work)
var server https.createServer({
key: fs.readFileSync('privkey.pem', 'ascii')
, cert: fs.readFileSync('cert.pem', 'ascii') // a PEM containing ONLY the SERVER certificate
});
// CORRECT (should always work)
var server https.createServer({
key: fs.readFileSync('privkey.pem', 'ascii')
, cert: fs.readFileSync('fullchain.pem', 'ascii') // a PEM containing the SERVER and ALL INTERMEDIATES
});
回答7:
GoDaddy SSL CCertificate
I've experienced this while trying to connect to our backend API server with GoDaddy certificate and here is the code that I used to solve the problem.
var rootCas = require('ssl-root-cas/latest').create();
rootCas
.addFile(path.join(__dirname, '../config/ssl/gd_bundle-g2-g1.crt'))
;
// will work with all https requests will all libraries (i.e. request.js)
require('https').globalAgent.options.ca = rootCas;
PS:
Use the bundled certificate and don't forget to install the library npm install ssl-root-cas
回答8:
This Worked For me => adding agent and 'rejectUnauthorized' set to false
const https = require('https'); //Add This
const bindingGridData = async () => {
const url = `your URL-Here`;
const request = new Request(url, {
method: 'GET',
headers: new Headers({
Authorization: `Your Token If Any`,
'Content-Type': 'application/json',
}),
//Add The Below
agent: new https.Agent({
rejectUnauthorized: false,
}),
});
return await fetch(request)
.then((response: any) => {
return response.json();
})
.then((response: any) => {
console.log('response is', response);
return response;
})
.catch((err: any) => {
console.log('This is Error', err);
return;
});
};回答9:
I was using nodemailer npm module. The below code solved the issue
tls: {
// do not fail on invalid certs
rejectUnauthorized: false
}
来源:https://stackoverflow.com/questions/31673587/error-unable-to-verify-the-first-certificate-in-nodejs