zotero / translation-server

A Node.js-based server to run Zotero translators

Unable to verify security certificate but works in browser; likely problem with underlying library. #101

Closed mvolz closed 5 years ago

mvolz commented 5 years ago

With https://www.frames.gov/catalog/57576 I get Internal Server Error, and output from Zotero is:


(3)(+0020275): HTTP GET https://www.frames.gov/catalog/57576

(1)(+0000802): Error: unable to verify the first certificate

    Error: unable to verify the first certificate
        at TLSSocket.onConnectSecure (_tls_wrap.js:1112:34)
        at TLSSocket.emit (events.js:182:13)
        at TLSSocket.EventEmitter.emit (domain.js:441:20)
        at TLSSocket._finishInit (_tls_wrap.js:625:8)

  InternalServerError: An error occurred retrieving the document
      at Object.throw (/home/marielle/code/zotero/node_modules/koa/lib/context.js:93:11)
      at module.exports.WebSession.handleURL (/home/marielle/code/zotero/src/webSession.js:196:19)
      at process.internalTickCallback (internal/process/next_tick.js:77:7)

But, the browser doesn't seem to have a problem with the certificate.

dstillman commented 5 years ago

The site is misconfigured. They're not properly serving the necessary intermediate certificate, which they're supposed to do. You can see this in the SSL Labs test:

https://www.ssllabs.com/ssltest/analyze.html?d=www.frames.gov&hideResults=on

This will fail in any HTTP client that doesn't already have the intermediate certificate and doesn't automatically download additional certificates. As an example, while this works for me in curl on macOS, it fails in curl on Linux, and Node is failing for the same reason. (Usually in cases like this the site will work in Chrome, which does download additional certificates, and fail in a new Firefox profile where the certificate hasn't been sent by some other site, though in this case it looks like Firefox has the intermediate certificate built in.)

There's nothing for us to do here, but you could contact the site, point them to the SSL Labs test, and ask them to fix their site.
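The failure mode described in this thread can be reproduced offline. The script below is an added example, not part of the original issue or of translation-server: it builds a constructed root, intermediate and leaf with the `openssl` CLI (assumed to be installed with its default configuration), then verifies the leaf as a client that trusts only the root, first with the leaf alone and then with the intermediate supplied. All certificate names and the functions `issue`, `build_pki` and `client_verify` are made up for the illustration.

```shell
#!/usr/bin/env bash
# Constructed PKI for illustration: root -> intermediate -> leaf. All names are made up.

# issue NAME COMMON_NAME ISSUER EXTFILE   (ISSUER "self" makes a self-signed root)
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
      -extfile "$4" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
      -CAcreateserial -days 2 -extfile "$4" -out "$1.pem" 2>/dev/null
  fi
}

# build_pki DIR: writes root.pem, inter.pem and leaf.pem into DIR
build_pki() {
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    issue root  "Constructed Root CA"         self  ca.ext   &&
    issue inter "Constructed Intermediate CA" root  ca.ext   &&
    issue leaf  "catalog.example.test"        inter leaf.ext )
}

# client_verify DIR [SENT_CHAIN]: a client that trusts only the root checks the
# leaf. SENT_CHAIN is a PEM file of extra certificates the server sent with it.
client_verify() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  build_pki "$d" || { rm -rf "$d"; return 1; }
  client_verify "$d" && echo "leaf only: ok" || echo "leaf only: verification failed"
  client_verify "$d" "$d/inter.pem" && echo "leaf + intermediate: ok" \
    || echo "leaf + intermediate: verification failed"
  rm -rf "$d"
}
demo
```

The second check models a server that sends the intermediate together with the leaf, which is the fix the comment above asks the site to make.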