Open giwleb opened 3 years ago
Hello @giwleb,
Thank you for taking the time to report this!
It looks like the issue is with your self-signed certificate; perhaps the solution offered here may help. Please let us know your results. Thanks!
With best regards,
Elmer
Thanks. What I've learned is that unless your app uses the internal Windows cert store, you need to add the cert at the "app level". For example, I had to tell Firefox to use the Windows cert store via a configuration item. I'm not sure how to do that here. Running Node on Windows. I don't know specifically how node and openSSL work under the hood on Windows. I'm hoping you can help there.
For npm, for example, I had to run:
npm config set cafile d:\files\ca-chain-bba-fw.pem
Thank you for the follow up!
I do not have experience with the configuration you describe. A search for "install app certificates node windows" seems to yield some promising results. Please do let us know how you end up solving this issue, if possible. Thank you!
I have to admit I'm a bit disappointed in your response. Just because you don't have experience doesn't mean it's not something worth investigating. Also your search, which I've done, doesn't reveal clear paths to success.
After some poking around, and without implementing anything that is a glaring security hole (env NODE_TLS_REJECT_UNAUTHORIZED=0), I went with env NODE_EXTRA_CA_CERTS=c:\path\to\cert.pem.
This did work, but is there a way to migrate this to the config.json file?
Something like:
{
  "tls": {
    "extraCaCerts": [
      {"path": "c:\\path\\to\\cert.pem"}
    ]
  }
}
Any thoughts @childish-sambino @thinkingserious ?
Hello @giwleb,
Thank you for the follow up and taking the time to share your solution!
What advantages do you see moving this configuration to the config.json file? What if we included instructions on how to set the proper environment variable in the error you received and include instructions in the README or other appropriate place? (e.g. "[DEBUG] Error: self signed certificate in certificate chain" becomes "[DEBUG] Error: self signed certificate in certificate chain, please see X link to resolve.")
With best regards,
Elmer
@thinkingserious It doesn't matter much for me, but I can think of one: it seems to be how other projects have implemented it, to allow for more granular control of the certificate chain. The method I used is a global setting and applies to all Node-based apps you run. That might not be what you want, or when developing you might want a way to do it for just this app.
Is it a hard thing to do?
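One way a Node-based tool could scope an extra CA to a single app rather than to every Node process, as the comments above discuss. This is an added example, not twilio-cli code: the tls.extraCaCerts key is the hypothetical shape proposed in the thread, and loadExtraCaCerts, buildCaList, buildAgent and the sample data are assumptions.

```javascript
const fs = require('fs');
const https = require('https');
const tls = require('tls');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Hypothetical config shape, following the proposal in the thread:
// { "tls": { "extraCaCerts": [ { "path": "..." } ] } }
function loadExtraCaCerts(config, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  const entries = (config.tls && config.tls.extraCaCerts) || [];
  const pems = [];
  for (const { path } of entries) {
    const found = readFile(path).match(PEM_CERT);
    // Fail closed: a CA file with no certificate is a configuration error.
    if (!found) throw new Error(`no PEM certificate found in ${path}`);
    pems.push(...found); // a chain file may hold several certificates
  }
  return pems;
}

// The `ca` option replaces Node's default trust store, so the bundled roots
// are listed explicitly and the extra CAs are appended to them.
function buildCaList(config, readFile) {
  return [...tls.rootCertificates, ...loadExtraCaCerts(config, readFile)];
}

// Agent for this app's requests only; other Node processes are unaffected.
// rejectUnauthorized stays true: verification is extended, not switched off.
function buildAgent(config, readFile) {
  return new https.Agent({ ca: buildCaList(config, readFile), rejectUnauthorized: true });
}

// Constructed sample input: placeholder PEM text, not a real certificate.
const SAMPLE_PATH = 'c:\\path\\to\\cert.pem';
const SAMPLE_FILES = {
  [SAMPLE_PATH]: '-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n',
};
const SAMPLE_CONFIG = { tls: { extraCaCerts: [{ path: SAMPLE_PATH }] } };
function sampleRead(p) {
  if (!(p in SAMPLE_FILES)) throw new Error(`cannot read ${p}`);
  return SAMPLE_FILES[p];
}

console.log('trusted CAs:', buildCaList(SAMPLE_CONFIG, sampleRead).length);
```

The agent would be passed as the agent option of the app's own HTTPS requests, so the corporate CA is trusted only there.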
@giwleb,
Great point about needing to modify your global settings, not ideal. I'm not sure what the difficulty would be to make that change just yet. I have re-classified this issue for further investigation.
This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.
Thanks again for reporting and the follow up!
Issue Summary
Getting a self-signed cert error. Our company "injects" a TLS cert into the chain and decrypts all traffic. I suspect there might be something I can put in the config file mentioned (like wget's --no-check-certificate option). I did check around but I don't see the config file options.
Steps to Reproduce
Add a self-signed cert to your certificate path
In the CLI
twilio api:verify:v2:services:verifications:create --service-sid VA... --to +13... --channel sms --custom-friendly-name "test1234" -l debug
Technical details:
twilio-cli/2.21.0 win32-x64 node-v15.14.0
-l debug
to the end of the command):