nanusdad/first-certificate-error.md

Last active June 18, 2024 06:53

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/nanusdad/08c0d4afcd4a339c32b64979315f9615.js"></script>
Save nanusdad/08c0d4afcd4a339c32b64979315f9615 to your computer and use it in GitHub Desktop.

Download ZIP

How to resolve - unable to verify the first certificate in NodeJS

Raw

first-certificate-error.md

How to resolve - unable to verify the first certificate in NodeJS

Connect using SSL to ascertain the error

openssl s_client -connect foo.badssl.com:443 -servername foo.badssl.com

Save output to tmp file

openssl s_client -connect foo.badssl.com:443 -servername foo.badssl.com | tee /tmp/logcertfile

Find issuer and CRT file

openssl x509 -in /tmp/logcertfile -noout -text | grep -i "issuer"

Get the intermediate certificate from issues

curl --output sectigo.crt http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Convert to pem file

openssl x509 -inform DER -in sectigo.crt -out sectigo.pem -text

Use pem file in NODE_EXTRA_CA_CERTS environment variables

PORT=3000 ROOT_URL=https://prod.domain.com NODE_EXTRA_CA_CERTS="/home/admin/sectigo.pem" node main.js

Read more on stackoverflow ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment