How can I disable the validation check for hosts with a selfsigned certificate?
qupfer opened this issue · comments
Hi,
is there a easy way to disable the validation check?
I have trouble to connect to a servie with a self signed certifcate and also toruble to connect to a server with a valid Let's encrypt certifcate (https://leipzig.07q.de/)
(Just to be sure: I'm not speaking about the borwser warning)
┏ Electron -------------------
hoxy error: UNABLE_TO_VERIFY_LEAF_SIGNATURE { Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
at TLSSocket.emit (events.js:182:13)
at TLSSocket.EventEmitter.emit (domain.js:442:20)
at TLSSocket._finishInit (_tls_wrap.js:635:8) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
┗ ----------------------------
┏ Electron -------------------
ERROR: Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
at TLSSocket.emit (events.js:182:13)
at TLSSocket.EventEmitter.emit (domain.js:442:20)
at TLSSocket._finishInit (_tls_wrap.js:635:8)
┗ ----------------------------
┏ Electron -------------------
hoxy error: DEPTH_ZERO_SELF_SIGNED_CERT { Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
at TLSSocket.emit (events.js:182:13)
at TLSSocket.EventEmitter.emit (domain.js:442:20)
at TLSSocket._finishInit (_tls_wrap.js:635:8) code: 'DEPTH_ZERO_SELF_SIGNED_CERT' }
┗ ----------------------------
┏ Electron -------------------
ERROR: Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
at TLSSocket.emit (events.js:182:13)
at TLSSocket.EventEmitter.emit (domain.js:442:20)
at TLSSocket._finishInit (_tls_wrap.js:635:8)
Hmm, the ideal solution here would be if it were possible to import custom certificates into James
for testing websites - I'll create a separate ticket for that (#410) (note that this project doesn't have a lot of maintainer time, so no guarantees of it being implemented soon).
In the short-term, you can work around this by disabling HTTPS certificate checks (which is very insecure!). You'll need to run James
from a command-prompt, and do the following:
- First,
export NODE_TLS_REJECT_UNAUTHORIZED=0
(on Windows, I think that this isSET NODE_TLS_REJECT_UNAUTHORIZED=0
) - Start James from that command line window
I hope this helps, but let me know if you have any issues :)
Looking into this further, it looks like you can provide the custom certificate to Node via environment variable, which is much better than ignoring rejected certificates.
export NODE_EXTRA_CA_CERTS=[your CA certificate file path]
Works great. Thanks