self signed certificate in certificate chain

[w9y9x]

• [ √] I have checked that the SDK documentation doesn't solve my issue.
• [√ ] I have checked that the API documentation doesn't solve my issue.
• [√ ] I have searched the Box Developer Forums and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference).
• [ √] I have searched Issues in this repo and my issue isn't already reported. Reference Links：https://github.com/box/boxcli/issues/276

Description of the Issue

I installed box cli in linux environment and configured config.json, but when I run the box users:get command, an error message appears: self-signed certificate in certificate chain, but the box version is normal. How can I bypass SSL verification, or where should I download the certificate from?

Steps to Reproduce

1. npm install --global @box/cli
2. box configure:environments:add /root/config.json
3. box version
4. box users:get self-signed certificate in certificate chain

Expected Behavior

User information should appear normally

Error Message, Including Stack Trace

self signed certificate in certificate chain

Screenshots

Versions Used

Box CLI: @box/cli/3.14.1 linux-x64 node-v18.10.0 Operating System: Red Hat Enterprise Linux release 8.10 (Ootpa)

[arjankowski]

Hi @w9y9x,

The issue you're experiencing is most likely due to the proxy server using its own certificate, which is not trusted. To resolve this issue, you can try one of the following options:

1) Add an environment variable: Set the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0, as described here: GitHub Issue #276.

2) Add the self-signed certificate to trusted certificates: Download the self-signed certificate and add it to Node.js trusted certificates by setting the following environment variable:

export NODE_EXTRA_CA_CERTS=/path/to/certificate.pem

The best way to obtain the certificate is to request it from your proxy server administrator. If this is not possible, you can try to download it yourself by running the command:

openssl s_client -connect <PROXY_SERVER_ADDRESS:PORT> -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > downloaded_cert.pem

In your case, it should look like this:

openssl s_client -connect PITC-Zscaler-China-Shanghai-IDC-HC.proxy.corporate.ge.com:80 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > downloaded_cert.pem

I hope this helps! Artur

[w9y9x]

thank you for your reply I tried setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0, but it didn't seem to solve my problem

I also tried adding the trusted certificate in nodejs, but it didn't seem to work. Is there any other suitable solution?

[lukaszsocha2]

Hi @w9y9x, can you ask your proxy provider for the root self-signed certificate and then try to apply it again? Best, @lukaszsocha2

[w9y9x]

Do you know where I can get the self-signed certificate for box cli if I'm not using a proxy?

[stale[bot]]

This issue has been automatically marked as stale because it has not been updated in the last 30 days. It will be closed if no further activity occurs within the next 7 days. Feel free to reach out or mention Box SDK team member for further help and resources if they are needed.

[stale[bot]]

This issue has been automatically closed due to maximum period of being stale. Thank you for your contribution to Box CLI and feel free to open another PR/issue at any time.