You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Rick Jarvis <ri...@magicmail.mooo.com> on 2021/10/18 20:43:49 UTC

invalid certs

Can anyone tell me (urgently lol) how to ignore invalid certificates with nano?

My backups haven’t been running and I’m desperate.

I’ll then need to figure out why, despite having updated all the routes etc (due to R3 expiry) it’s still not working!

Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
    at TLSSocket.emit (node:events:390:28)
    at TLSSocket._finishInit (node:_tls_wrap:944:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
  scope: 'socket',
  errid: 'request',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  description: 'unable to verify the first certificate',
  stacktrace: [
    'Error: unable to verify the first certificate',
    '    at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)',
    '    at TLSSocket.emit (node:events:390:28)',
    '    at TLSSocket._finishInit (node:_tls_wrap:944:8)',
    '    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)'
  ]
}

-- 
Rick Jarvis

Re: invalid certs

Posted by William Edney <be...@technicalpursuit.com>.

Rick -

Based on this SO question:
https://stackoverflow.com/questions/20082893/unable-to-verify-leaf-signature

setting NODE_TLS_REJECT_UNAUTHORIZED might fix your problem.

If you don't have access to the code, you can set a shell variable and
restart Node:

 export NODE_TLS_REJECT_UNAUTHORIZED=0

CAUTION: This should only be used as a TEMPORARY fix until you can get your
certs updated. It opens you up to attacks.

Cheers,

- Bill

On Mon, Oct 18, 2021 at 3:44 PM Rick Jarvis <ri...@magicmail.mooo.com> wrote:

> Can anyone tell me (urgently lol) how to ignore invalid certificates with
> nano?
>
> My backups haven’t been running and I’m desperate.
>
> I’ll then need to figure out why, despite having updated all the routes
> etc (due to R3 expiry) it’s still not working!
>
> Error: unable to verify the first certificate
>     at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
>     at TLSSocket.emit (node:events:390:28)
>     at TLSSocket._finishInit (node:_tls_wrap:944:8)
>     at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
>   scope: 'socket',
>   errid: 'request',
>   code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
>   description: 'unable to verify the first certificate',
>   stacktrace: [
>     'Error: unable to verify the first certificate',
>     '    at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)',
>     '    at TLSSocket.emit (node:events:390:28)',
>     '    at TLSSocket._finishInit (node:_tls_wrap:944:8)',
>     '    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)'
>   ]
> }
>
> --
> Rick Jarvis

Re: invalid certs

Posted by Rick Jarvis <ri...@magicmail.mooo.com>.

Thanks Bill that’s a great help, has worked for all but one of them for some reason. The final one errors with:

session_request_unauthorized

-- 
Rick Jarvis

On 18 October 2021 at 23:35:06, William Edney (bedney@technicalpursuit.com) wrote:

Rick -  

Based on this SO question:  
https://stackoverflow.com/questions/20082893/unable-to-verify-leaf-signature  

setting NODE_TLS_REJECT_UNAUTHORIZED might fix your problem.  

If you don't have access to the code, you can set a shell variable and  
restart Node:  

export NODE_TLS_REJECT_UNAUTHORIZED=0  

CAUTION: This should only be used as a TEMPORARY fix until you can get your  
certs updated. It opens you up to attacks.  

Cheers,  

- Bill  

On Mon, Oct 18, 2021 at 3:44 PM Rick Jarvis <ri...@magicmail.mooo.com> wrote:  

> Can anyone tell me (urgently lol) how to ignore invalid certificates with  
> nano?  
>  
> My backups haven’t been running and I’m desperate.  
>  
> I’ll then need to figure out why, despite having updated all the routes  
> etc (due to R3 expiry) it’s still not working!  
>  
> Error: unable to verify the first certificate  
> at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)  
> at TLSSocket.emit (node:events:390:28)  
> at TLSSocket._finishInit (node:_tls_wrap:944:8)  
> at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {  
> scope: 'socket',  
> errid: 'request',  
> code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',  
> description: 'unable to verify the first certificate',  
> stacktrace: [  
> 'Error: unable to verify the first certificate',  
> ' at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)',  
> ' at TLSSocket.emit (node:events:390:28)',  
> ' at TLSSocket._finishInit (node:_tls_wrap:944:8)',  
> ' at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)'  
> ]  
> }  
>  
> --  
> Rick Jarvis

Re: invalid certs

Posted by Rick Jarvis <ri...@magicmail.mooo.com>.

Oh ignore me, it’s late, that’s a simple auth issue, I’ve been trying old config files! I need bed…

Just need to work out why it’s not picking up the new ca now...

-- 
Rick Jarvis

On 19 October 2021 at 00:08:55, Rick Jarvis (rick@magicmail.mooo.com) wrote:

Thanks Bill that’s a great help, has worked for all but one of them for some reason. The final one errors with:  

session_request_unauthorized  

--   
Rick Jarvis  

On 18 October 2021 at 23:35:06, William Edney (bedney@technicalpursuit.com) wrote:  

Rick -  

Based on this SO question:  
https://stackoverflow.com/questions/20082893/unable-to-verify-leaf-signature  

setting NODE_TLS_REJECT_UNAUTHORIZED might fix your problem.  

If you don't have access to the code, you can set a shell variable and  
restart Node:  

export NODE_TLS_REJECT_UNAUTHORIZED=0  

CAUTION: This should only be used as a TEMPORARY fix until you can get your  
certs updated. It opens you up to attacks.  

Cheers,  

- Bill  

On Mon, Oct 18, 2021 at 3:44 PM Rick Jarvis <ri...@magicmail.mooo.com> wrote:  

> Can anyone tell me (urgently lol) how to ignore invalid certificates with  
> nano?  
>  
> My backups haven’t been running and I’m desperate.  
>  
> I’ll then need to figure out why, despite having updated all the routes  
> etc (due to R3 expiry) it’s still not working!  
>  
> Error: unable to verify the first certificate  
> at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)  
> at TLSSocket.emit (node:events:390:28)  
> at TLSSocket._finishInit (node:_tls_wrap:944:8)  
> at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {  
> scope: 'socket',  
> errid: 'request',  
> code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',  
> description: 'unable to verify the first certificate',  
> stacktrace: [  
> 'Error: unable to verify the first certificate',  
> ' at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)',  
> ' at TLSSocket.emit (node:events:390:28)',  
> ' at TLSSocket._finishInit (node:_tls_wrap:944:8)',  
> ' at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)'  
> ]  
> }  
>  
> --  
> Rick Jarvis