
"UNABLE_TO_VERIFY_LEAF_SIGNATURE" error

Open uniyalVJ opened this issue 4 years ago • 1 comments

Attempting to test against the Cedardevs environment resulted in an "UNABLE_TO_VERIFY_LEAF_SIGNATURE" error. The error has occurred various times before, including on the Python client. Common bypasses attempted, such as ignoring certificates, setting strict-ssl to false, or hard-setting environment variables, did not work. The error itself is not documented well online, but these resources were found while searching for a solution:

UNABLE_TO_VERIFY_LEAF_SIGNATURE/unable to verify the first certificate

Resolve Certificate Errors in a Node.js App with SSL Calls

For example, running the following command to make an API post to cedardevs

```
sitemap % Node generator.js --api https://cedardevs.org/onestop/api --website https://cedardevs.org/onestop
```

Resulted in the following skimmed output:

```
  _events: [Object: null prototype] {
    response: [Function: handleResponse],
    error: [Function: handleRequestError]
  },
  _eventsCount: 2,
  _maxListeners: undefined,
  _options: {
    maxRedirects: 21,
    maxBodyLength: 10485760,
    protocol: 'https:',
    path: '/onestop/api/search/collection',
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      'User-Agent': 'axios/0.21.1',
      'Content-Length': 97
    },
    agent: undefined,
    agents: { http: undefined, https: undefined },
    auth: undefined,
    hostname: 'cedardevs.org',
    port: null,
    nativeProtocols: { 'http:': [Object], 'https:': [Object] },
    pathname: '/onestop/api/search/collection'
  },
  _ended: false,
  _ending: true,
  _redirectCount: 0,
  _redirects: [],
  _requestBodyLength: 97,
    _eventsCount: 7,
    _maxListeners: undefined,
    outputData: [],
    outputSize: 0,
    writable: true,
    destroyed: false,
    _last: true,
    chunkedEncoding: false,
    shouldKeepAlive: false,
    _defaultKeepAlive: true,
    useChunkedEncodingByDefault: true,
    sendDate: false,
    _removedConnection: false,
    _removedContLen: false,
    _removedTE: false,
    _contentLength: null,
    _hasBody: true,
    _trailer: '',
    finished: false,
    _headerSent: true,
    _closed: false,
    socket: TLSSocket {
      _tlsOptions: [Object],
      _secureEstablished: true,
      _securePending: false,
      _newSessionPending: false,
      _controlReleased: true,
      secureConnecting: true,
      _SNICallback: null,
      servername: 'cedardevs.org',
      alpnProtocol: false,
      authorized: false,
      authorizationError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
```

uniyalVJ, Feb 24 '21 00:02

Is there any solution to the "UNABLE_TO_VERIFY_LEAF_SIGNATURE" error? I understand this is caused when the root CA of the server is not added in the trusted CA list of Node.js. And the CA cert can be added to Node.js by setting the ca in options or setting the environment variable - NODE_EXTRA_CA_CERTS. But is there any better way to solve this where we do not need to add server certs to Node.js code? Thinking about deployment in cloud platforms, this looks like a non-practical approach?

divishav, Jan 14 '22 04:01
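The `ca` option mentioned in the comment above, as an added Node.js example that is not part of the issue thread or the onestop code: it keeps certificate verification on, extends the built-in trust store instead of replacing it, and maps the verification codes Node reports to their meaning. The function names and the placeholder bundle are assumptions made for illustration.

```javascript
// Added example, not code from the onestop project. Names are illustrative.
const https = require('https');
const tls = require('tls');

// Meaning of the OpenSSL verify codes Node reports in authorizationError / err.code.
const VERIFY_HINTS = {
  UNABLE_TO_VERIFY_LEAF_SIGNATURE:
    'only the leaf certificate was presented and its issuer is not trusted locally; ' +
    'usually the server is not sending its intermediate certificate',
  UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
    'an issuer in the chain is missing from the local trust store',
  SELF_SIGNED_CERT_IN_CHAIN:
    'the chain ends in a root (for example a private CA) that is not trusted locally',
  DEPTH_ZERO_SELF_SIGNED_CERT:
    'the server certificate itself is self-signed and not trusted locally',
};

function explainVerifyError(code) {
  return VERIFY_HINTS[code] || `unrecognised verification error: ${code}`;
}

// Split a PEM bundle (one or more concatenated certificates) into single PEM strings.
function splitPemBundle(text) {
  return text.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g) || [];
}

// Passing `ca` replaces Node's built-in roots, so keep them and append the extras.
// Verification stays on: rejectUnauthorized is never set to false here.
function buildAgent(extraCaPems) {
  return new https.Agent({
    ca: [...tls.rootCertificates, ...extraCaPems],
    rejectUnauthorized: true,
  });
}

// Issue one GET and resolve with the status code or the explained TLS error.
function probe(url, agent) {
  return new Promise((resolve) => {
    https.get(url, { agent }, (res) => { res.resume(); resolve({ ok: true, status: res.statusCode }); })
      .on('error', (err) => resolve({ ok: false, code: err.code, hint: explainVerifyError(err.code) }));
  });
}

// Constructed placeholder bundle (not real certificates), used only to show the split.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nPLACEHOLDER-INTERMEDIATE\n-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----\nPLACEHOLDER-ROOT\n-----END CERTIFICATE-----',
].join('\n');
```

For a real connection, replace the placeholder bundle with the PEM of the missing intermediate or private CA, then pass the agent to `probe` or to the HTTP client in use.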