How can I disable the validation check for hosts with a selfsigned certificate?

Question

How can I disable the validation check for hosts with a selfsigned certificate?

qupfer opened this issue 5 years ago · comments

Hi,
is there a easy way to disable the validation check?
I have trouble to connect to a servie with a self signed certifcate and also toruble to connect to a server with a valid Let's encrypt certifcate (https://leipzig.07q.de/)
(Just to be sure: I'm not speaking about the borwser warning)

┏ Electron -------------------
  hoxy error:  UNABLE_TO_VERIFY_LEAF_SIGNATURE { Error: unable to verify the first certificate
      at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
      at TLSSocket.emit (events.js:182:13)
      at TLSSocket.EventEmitter.emit (domain.js:442:20)
      at TLSSocket._finishInit (_tls_wrap.js:635:8) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

┗ ----------------------------
┏ Electron -------------------
  ERROR: Error: unable to verify the first certificate
      at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
      at TLSSocket.emit (events.js:182:13)
      at TLSSocket.EventEmitter.emit (domain.js:442:20)
      at TLSSocket._finishInit (_tls_wrap.js:635:8)

┗ ----------------------------
┏ Electron -------------------
  hoxy error:  DEPTH_ZERO_SELF_SIGNED_CERT { Error: self signed certificate
      at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
      at TLSSocket.emit (events.js:182:13)
      at TLSSocket.EventEmitter.emit (domain.js:442:20)
      at TLSSocket._finishInit (_tls_wrap.js:635:8) code: 'DEPTH_ZERO_SELF_SIGNED_CERT' }

┗ ----------------------------
┏ Electron -------------------
  ERROR: Error: self signed certificate
      at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
      at TLSSocket.emit (events.js:182:13)
      at TLSSocket.EventEmitter.emit (domain.js:442:20)
      at TLSSocket._finishInit (_tls_wrap.js:635:8)

Mitchell Hentges · Answer 1 · Tue Jan 29 2019 14:38:24 GMT+0800 (China Standard Time)

Hmm, the ideal solution here would be if it were possible to import custom certificates into James for testing websites - I'll create a separate ticket for that (#410) (note that this project doesn't have a lot of maintainer time, so no guarantees of it being implemented soon).

In the short-term, you can work around this by disabling HTTPS certificate checks (which is very insecure!). You'll need to run James from a command-prompt, and do the following:

First, export NODE_TLS_REJECT_UNAUTHORIZED=0 (on Windows, I think that this is SET NODE_TLS_REJECT_UNAUTHORIZED=0)
Start James from that command line window

I hope this helps, but let me know if you have any issues :)

Mitchell Hentges · Answer 2 · Tue Jan 29 2019 14:44:54 GMT+0800 (China Standard Time)

Looking into this further, it looks like you can provide the custom certificate to Node via environment variable, which is much better than ignoring rejected certificates.

export NODE_EXTRA_CA_CERTS=[your CA certificate file path]

qupfer · Answer 3 · Tue Jan 29 2019 16:33:41 GMT+0800 (China Standard Time)

Works great. Thanks