NodeJS无法读取ubuntu中的默认CA. [英] NodeJS unable to read default CAs in ubuntu

问题描述

在我们的测试环境中，我们连接到由我们公司签署的另一台SSL服务器。每次建立连接时，nodejs都会抛出
UNABLE_TO_VERIFY_LEAF_SIGNATURE 。
我已经通过设置 rejectUnauthorized：false 找到了解决方法，但这在我们的情况下不适用。

On our testing environment we are connecting to another server with SSL signed by our company. Every time connection is made nodejs throws UNABLE_TO_VERIFY_LEAF_SIGNATURE. I have found workarounds by setting rejectUnauthorized: false, but this is not aplicable in our case.

证书添加到 / etc / ssl 并使用环境变量 SSL_CERT_DIR 测试 / etc / ssl anb / etc / ssl /

The certificates are added to /etc/ssl/certs and tested with the environment variable SSL_CERT_DIR to be either /etc/ssl anb /etc/ssl/certs, but no result.

此外，在我们的文件中添加证书并将其添加到每个请求都是不可取的。

Also, it is not preferable to add somewhere in our files the certificate and add it to every request.

推荐答案

这是因为节点不使用系统的CA配置;它包括其自己内置的可接受的CA列表。

This is because node does not use your system's CA configuration; it includes its own built-in list of acceptable CAs.

如果您希望节点SSL客户端接受自定义CA，则必须在 ca 选项。

If you want a node SSL client to accept a custom CA, you have to pass the CA's certificate in the ca option.

// do something like this when your app starts up:
fs.readFile('/path/to/ca.pem', function(err, cert) {
    if (err) ...
    else certBuffer = cert;
});

// then when you make requests...
https.request({
    hostname: 'example.com',
    port: 443,
    path: '/',
    method: 'GET',
    ca: certBuffer
}, ...);

这篇关于NodeJS无法读取ubuntu中的默认CA.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！