bcgov / TheOrgBook

A public repository of verifiable claims about organizations. A key component of the Verifiable Organization Network.
http://von.pathfinder.gov.bc.ca
Apache License 2.0

Certification Error when trying to access the api #882

Closed wsong-fv closed 4 years ago

wsong-fv commented 4 years ago

Hello, I am getting this error when trying to access the orgbookON api:

{ FetchError: request to https://www.von.gov.on.ca/api/v2/search/credential/topic?name=shop&inactive=false&latest=true&revoked=false failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (/home/wsong/Documents/Visual-Studio-Code/vonx-graphql/node_modules/node-fetch/lib/index.js:1455:11)
    at ClientRequest.emit (events.js:198:13)
    at TLSSocket.socketErrorListener (_http_client.js:401:9)
    at TLSSocket.emit (events.js:198:13)
    at emitErrorNT (internal/streams/destroy.js:91:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
  message:
   'request to https://www.von.gov.on.ca/api/v2/search/credential/topic?name=shop&inactive=false&latest=true&revoked=false failed, reason: unable to verify the first certificate',
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

The api seems to work fine from the vonx website, but I don't know why it wouldn't work elsewhere.

swcurran commented 4 years ago

@WadeBarnes - can you take a look at this one? Thanks.

WadeBarnes commented 4 years ago

$ curl -v -X GET   'https://www.von.gov.on.ca/api/v2/search/credential/topic?name=shop&inactive=false&latest=true&revoked=false'   -H 'cache-control: no-cache'   -H 'postman-token: 391c8cab-8253-ee4c-2c39-d076d10d420b'
Note: Unnecessary use of -X or --request, GET is already inferred.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 142.34.208.209:443...
* TCP_NODELAY set
* Connected to www.von.gov.on.ca (142.34.208.209) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [93 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1926 bytes data]
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
} [2 bytes data]
* SSL certificate problem: unable to get local issuer certificate
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

WadeBarnes commented 4 years ago

Using SSL Server Test indicates the certificate chain is incomplete.

WadeBarnes commented 4 years ago

I've verified the route only contains the certificate for www.von.gov.on.ca, and not the others.

WadeBarnes commented 4 years ago

Added the missing certificates.

WadeBarnes commented 4 years ago

Calling the API using curl works now.

WadeBarnes commented 4 years ago

@wsong-fv, please try again.

wsong-fv commented 4 years ago

@WadeBarnes Yes, it is fixed now.

WadeBarnes commented 4 years ago

Thanks for confirming.
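
The failure diagnosed in this thread, reproduced offline as an added example (not code from the thread participants or the project): a constructed root, intermediate and leaf are generated with openssl, then the leaf is verified the way a client with only the root in its trust store would, first with the leaf alone and then with the intermediate supplied. All certificate names and file paths are constructed, and the `verify_as_client` helper is hypothetical.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> leaf, generated locally.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

cat > "$work/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF

new_csr() {  # $1 = file stem, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -config "$work/ext.cnf" \
    -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}
sign() {     # $1 = subject stem, $2 = issuer stem, $3 = extension section
  openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.crt" -CAkey "$work/$2.key" \
    -CAcreateserial -extfile "$work/ext.cnf" -extensions "$3" -days 1 \
    -out "$work/$1.crt" 2>/dev/null
}

# Self-signed root: the only certificate in the client's trust store.
openssl req -x509 -new -newkey rsa:2048 -nodes -config "$work/ext.cnf" \
  -extensions v3_ca -subj "/CN=Constructed Root CA" -days 1 \
  -keyout "$work/root.key" -out "$work/root.crt" 2>/dev/null
new_csr int "Constructed Intermediate CA"; sign int root v3_ca
new_csr leaf "www.example.test";           sign leaf int v3_leaf

# Verify as a non-browser client does: trust the root, plus whatever
# intermediates the server sent ($2, optional). Returns openssl's exit status.
verify_as_client() {  # $1 = leaf cert, $2 = intermediates sent by the server
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$work/root.crt" -untrusted "$2" "$1" 2>&1
  else
    openssl verify -CAfile "$work/root.crt" "$1" 2>&1
  fi
}

echo "Leaf only:";           verify_as_client "$work/leaf.crt" || echo "-> rejected"
echo "Leaf + intermediate:"; verify_as_client "$work/leaf.crt" "$work/int.crt"
```

Against a live endpoint, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediates are present.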