ssl-checker icon indicating copy to clipboard operation
ssl-checker copied to clipboard
verified publisher icon dyaa

validFrom, validTo, and validFor are valid but valid is false

Open rawipon-t opened this issue 5 years ago • 3 comments

Example: { daysRemaining: 330, valid: false, validFrom: '2020-11-23T00:00:00.000Z', validTo: '2021-11-23T23:59:59.000Z', validFor: [ ... ] }

Can you explain me about this problem?

rawipon-t avatar Dec 29 '20 04:12 rawipon-t

Selfsigned certificate? If so you need to supply the ca certificate

ruohki avatar Mar 10 '21 06:03 ruohki

Same here, and I got mine from sslforfree. I am using it for dev only (local)

 {
  "daysRemaining": 87,
  "valid": false,
  "validFrom": "2022-07-04T00:00:00.000Z",
  "validTo": "2022-10-02T23:59:59.000Z",
  "validFor": [...]
}

Could you please provide a code sample for this case ?

Martin-Luther avatar Jul 08 '22 04:07 Martin-Luther

Ok, I got it to work ... This method is to be used for local only ... I guess, it should work in production without having to apply the following instructions.

I had to modify my code in order to get more details.

sslDetails = await sslChecker(endpoint, {
    method: 'GET',
    port: port || 443,
    ca: fs.readFileSync('/path/to/certificates/ca_bundle.crt'),
    agent: new https.Agent({
        maxCachedSessions: 0
    })
});

This way I was able to get this message

Error: unable to get issuer certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
    at TLSSocket.emit (node:events:390:28)
    at TLSSocket._finishInit (node:_tls_wrap:944:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)

After a search, I understood that I needed to chain my certificate by including the Root Certificate.

Ssl For Free gave me 3 files :

  • private.key
  • certificate.crt
  • ca_bundle.crt

I went to https://whatsmychaincert.com in order to Generate the Correct Chain by including the Root Certificate out the content of my certificate.crt.

I have renamed the downloaded file to certificate.chained+root.crt and put it alongside my other files. NB.: This file (certificate.chained+root.crt) is to be used in place of certificate.crt

I then opened my terminal to generate a combined file to be used as the ca certificate instead of using my initial ca_bundle.crt

cat private.key certificate.chained+root.crt > certificate.combined.pem

So for my ssl config I now have

{
    "_comment": "SSL Development Credentials: private key & certificate",
    "privateKey": "/path/to/certificates/private.key",
    "certificate": "/path/to/certificates/certificate.crt",
    "ca": "/path/to/certificates/certificate.combined.pem"
}

It is now working after that I have replaced ca_bundle.crt by certificate.combined.pem

sslDetails = await sslChecker(endpoint, {
    method: 'GET',
    port: port || 443,
    ca: fs.readFileSync('/path/to/certificates/certificate.combined.pem'),
    agent: new https.Agent({
        maxCachedSessions: 0
    })
});

Martin-Luther avatar Jul 08 '22 06:07 Martin-Luther