Q: How can I make a HTTPS to the backend with a self-signed certificate?

[uynap]

I use the HTTPS backend with a self-signed certificate. I need to tell the HTTP client(fetch) to skip checking the insecure certificate. Otherwise I'm getting "x509: certificate signed by unknown authority" error. As I didn't find any related topics in the documentation. I was wondering what would be your solution or workaround for my situation?

[uynap]

BTW. I've tried rejectUnauthorized: false. It's just not working. https://github.com/axios/axios/issues/535

[ghost]

I'm stuck on this issue too. #535 suggests to create a custom https agent and set rejectUnauthorized to false however, https module doesn't exist in node_modules. Is there any workaround for this in react native?

[florianbepunkt]

+1 Same here

[jcrben]

In addition to passing the proper parameter in the constructor (new https.Agent({ rejectUnauthorized: false })), I needed to put: https.globalAgent.options.rejectUnauthorized = false; at the top (per https://github.com/request/request/issues/418#issuecomment-274105600)

You might also try process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

Similar recommendations appear in https://github.com/axios/axios/issues/535

@nickuraltsev @rubennorte seems like this question should be closed - if someone tries this combination and it still doesn't work, should reopen

[xemasiv]

Also encountered this on axios with react-native

Just use a Free SSL that isn't self-signed instead.

Free SSL & React Native Apps

Problem:

• Your react-native app can't reach your http server, since https is required
• Your https server can't be reached, because sites / endpoints using self-signed certificates are disallowed
• Long story short, XHR / axios / Webview can't reach your server

Solution:

1. Generate a CSR

• You can use Namecheap's tool - https://decoder.link/csr_generator
• Make sure you keep the private key, you'll use it later

2. Go get a Free SSL catered by Comodo.

• https://ssl.comodo.com/free-ssl-certificate.php
• The certificate bundle you'll get won't be a self-signed one, a commodo support representative confirmed this with me.
• Use your CSR, then validate your ownership
• After couple of minutes you'll receive your cert bundle in your email, with 4 files
  • api_realtycoast_io.crt (named after the domain I used, which is api.realtycoast.io)
  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt

3. Do a CA/End-Entity Certificate matching

• Go to https://decoder.link/ca_matcher
• Paste the content of your api_realtycoast_io.crt equivalent as the END ENTITY CERTIFICATE
• Paste the content of your COMODORSADomainValidationSecureServerCA.crt as the CA CERTIFICATE
• Validate that shit, should be successful - if so, we proceed

4. Configure your Express SSL configuration

• Create a /ssl folder
• Put all those certificate files there
• Create a private.key file, PASTE YOUR PRIVATE KEY from STEP 1 there
• Now we use your site's certificate, your private key, and your CA certificate

const fs = require('fs');
const http = require('http');
const https = require('https');
const express = require('express');
const bodyParser = require('body-parser');

const SSL = {
  credentials: {
    key: fs.readFileSync('ssl/private.key', 'utf8'),
    cert: fs.readFileSync('ssl/api_realtycoast_io.crt', 'utf8'),
    ca: [
      fs.readFileSync('ssl/COMODORSADomainValidationSecureServerCA.crt', 'utf8')
    ]
  }
};

const app = express();
app.use(bodyParser.json());
app.get('/', (req, res) => res.send('Hello World!'));
http.createServer(app).listen(80);
https.createServer(SSL.credentials, app).listen(443);

• Git add, commit and push that shit
• Run your nodejs server again

5. Verify that shit

• Visit your https://yoursite.com/ that should be working well
• Visit https://www.sslshopper.com/ssl-checker.html
• Check your server endpoint's url there, you should be seeing ALL CHECKS, AND NO X's

6. Rebuild your react-native app, and re-run it - should be workign well now

• Test code for webview

import { WebView, View } from 'react-native';

// in your component render(), below

return (
<View style={{flex:1}}>
    <WebView
    source={{uri: 'https://api.realtycoast.io/auth'}}
    javaScriptEnabled={true}
    domStorageEnabled={true}
    startInLoadingState={true}
    style={{ flex:1, height: 500, width: 350 }}
    />
    </View>
);

• Test code for axios

    // replace your baseURL and url, below

          <Button onPress={
            ()=>{
              const x = axios.create({
                baseURL: 'https://api.realtycoast.io/',
                timeout: 10000,
                headers: {
                  'Accept': 'application/json',
                  'Content-Type': 'application/json',
                }
              });
            x.request({
              url: '/user/123'
            })
              .then(function (response) {
                console.log(response);
              })
              .catch(function (error) {
                console.log(error);
              });
            }
          }>
            <Text>Axios Test</Text>
          </Button>

https://github.com/xemasiv/my-dev-fixes#free-ssl--react-native-apps

[shamilsun]

@xemasiv this is not a solution, its example how to add ssl on nodejs backend. but we are looking how to allow self-ssl requests on android . okhttp3 restrict self signed certificate

[shamilsun]

with axios

[selmi-karim]

is there any update on this issue ??