Monday, 17 April 2017

NodeJS Websocket UNABLE_TO_GET_ISSUER_CERT_LOCALLY

I am having an issue connecting to a server via NodeJS. I can connect to this server via the "Chrome Smart Websocket Client" (and in browser code), once I install the root CA certificate (on a Macintosh).

The certificate chain is "root -> intermediate -> server cert"

I am using the "ws" node library. The code is roughly:

var WebSocket = require('ws');
var theWebSocket = new WebSocket("wss://server:port/app");
theWebSocket.addEventListener("open", function(event) {
    console.log(event);
});
theWebSocket.addEventListener("message", function(event) {
    console.log(event);
});
theWebSocket.addEventListener("close", function(event) {
    console.log(event);
});
theWebSocket.addEventListener("error", function(event) {
    console.log(event);
});

The result is

 Error: unable to get local issuer certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1079:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:603:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:433:38)
  code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
  type: 'error',
  target: 
   WebSocket {
     domain: null,
     _events: 
      { open: [Object],
        message: [Object],
        close: [Object],
        error: [Object] },
     _eventsCount: 4,
     _maxListeners: undefined,
     readyState: 0,
     bytesReceived: 0,
     extensions: {},
     protocol: '',
     _binaryType: 'nodebuffer',
     _finalize: [Function: bound finalize],
     _finalizeCalled: false,
     _closeMessage: null,
     _closeTimer: null,
     _closeCode: null,
     _receiver: null,
     _sender: null,
     _socket: null,
     _ultron: null,
     protocolVersion: 13,
     _isServer: false,
     url: 'wss://server:port/app',
     _req: null } 

I have tried

npm config set cafile=device_ca_cert.cer

and

npm config set strict-ssl false

But neither seem to have an effect. I am unsure as to the format of the "device_ca_cert.cer" - it is in pem format in spite of the name. It looks like

ca[]="-----BEGIN CERTIFICATE-----..."
ca[]="-----BEGIN CERTIFICATE-..."

Any help greatly appreciated.



via user4509388

No comments:

Post a Comment