Best IT Recipes

Failed to verify sheet signature

I am using node.js request.js to reach the API. I get this error

[Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]

All my credentials are accurate and valid, and the server is fine. I made the same request with the postman.

request({ "url": domain+"/api/orders/originator/"+id, "method": "GET", "headers":{ "X-API-VERSION": 1, "X-API-KEY": key }, }, function(err, response, body){ console.log(err); console.log(response); console.log(body); });

This code is simply executed in an ex executable script. node./run_file.js , why this? Do I need to run on the server?

+116
javascript ssl request
Nov 19 '13 at 21:54
source share
10 answers

Note : the following is dangerous and will allow you to intercept and modify the contents of the API between the client and server.

It also worked

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';

+133
Nov 20 '13 at 15:51
source share

This is not a problem with the application, but with a certificate signed by an intermediate CA. If you accept this fact and want to continue, add the following query parameters:

 rejectUnauthorized: false

Full request:

 request({ "rejectUnauthorized": false, "url": domain+"/api/orders/originator/"+id, "method": "GET", "headers":{ "X-API-VERSION": 1, "X-API-KEY": key }, }, function(err, response, body){ console.log(err); console.log(response); console.log(body); });
+83
Nov 20 '13 at 9:25
source share

Secure solution

Instead of disabling security, you can add the necessary chains to the chain. First install the ssl-root-cas package from npm:

 npm install ssl-root-cas

This package contains many intermediate certificates trusted by browsers, but they are not.

 var sslRootCAs = require('ssl-root-cas/latest') sslRootCAs.inject()

Add the missing certificates. See here for more information:

https://git.coolaj86.com/coolaj86/ssl-root-cas.js

Also see next answer below

+70
Mar 08 '14 at 0:28
source share

CoolAJ86's solution is correct, and it does not reduce your security, like disabling all checks with rejectUnauthorized or NODE_TLS_REJECT_UNAUTHORIZED . However, you may need to enter an additional CA certificate explicitly.

I tried first the root CAs included in the ssl-root-cas module:

 require('ssl-root-cas/latest') .inject();

I still ended up with UNABLE_TO_VERIFY_LEAF_SIGNATURE error. Then I found out who issued the certificate for the website with which I connected COMODO SSL Analyzer , uploaded the certificate of this authority and tried to add only one:

 require('ssl-root-cas/latest') .addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');

I ended up with another error: CERT_UNTRUSTED . Finally, I introduced additional root CAs and turned on my (obviously, intermediary) CA, which worked:

 require('ssl-root-cas/latest') .inject() .addFile(__dirname + '/comodohigh-assurancesecureserverca.crt');
+42
Aug 31 '14 at 10:52
source share

For the Create React application (where this error also occurs, and this question is the result of Google’s # 1), you probably use HTTPS=true npm start and proxy (in package.json ), which goes to some HTTPS API, which itself is signed when in development.

If so, consider changing proxy as follows:

 "proxy": { "/api": { "target": "https://localhost:5001", "secure": false } }

secure decides whether the WebPack proxy checks the certificate chain or not, and disables it, ensuring that the self-signed API certificate is not verified to receive your data.

+4
Sep 21 '18 at 20:52
source share

Just put it here if it helps someone, my case was a different and a bit weird mix. I got this on request, which was accessed through superagent - the problem had nothing to do with certificates (which were correctly configured), and everything was connected with the fact that I was transmitting a superagent result via async callback of the module’s waterfall. To fix: instead of passing the whole result, just go through result.body through the waterfall callback.

+2
Dec 18 '15 at 15:02
source share

I had the same problems. I followed @ThomasReggi and the @ CoolAJ86 solution and worked well, but I am not satisfied with the solution.

Because the problem "UNABLE_TO_VERIFY_LEAF_SIGNATURE" is due to the certification configuration level.

I make a decision @thirdender, but its a partial solution. According to the official nginx website, they explicitly mentioned that the certificate should be a combination of Server Certificate and forged certificates.

enter image description here

+2
01 Feb '18 at 13:30
source share

I had a problem with my Apache configuration after installing the GoDaddy certificate on a subdomain. Initially, I thought this might be a problem when Node was not sending a Server Name Indicator (SNI), but that was not the case. Analysis of the SSL subdomain certificate using https://www.ssllabs.com/ssltest/ returned an error. Chain Issues: Incomplete.

After adding the GoDaddy file with gd_bundle-g2-g1.crt using the SSLCertificateChainFile Apache directive, Node was able to connect via HTTPS, and the error disappeared.

0
Nov 17 '17 at 18:25
source share

Put rejectUnauthorized: false in the petition and it worked for me.

0
Apr 23 '19 at 18:02
source share

You must enable the intermediate certificate on your server. This solves [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]

0
May 22 '19 at 8:12
source share


More articles:


All Articles