Correct way to handle "Unable to Get Local Issuer Certificate" in an electron app

About

Asked 21/3, 2019 at 10:21 Answered 28/1 at 1:50

A node/electron app gets deployed on the end user's machine. It tries to make an HTTPS request to a server. Depending on the user's network setup, this may work fine, or Node may throw the error "Unable to Get Local Issuer Certificate". As far as I understand, this happens when the client is behind a proxy with SSL interception or something similar.

I know SO and github are full of questions like this. But the only generic "solution" I could find is breaking SSL entirely either at process level:

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0

or at request level:

rejectUnauthorized: "false"

There's also the option to somehow specify the correct certificate when making the HTTP request. But it seems to almost require custom setup for every user and I haven't found any examples of doing it in a generic way.

1. Why is this issue specific to Node apps, while every other app on the computer works fine?

2. Can it be fixed in a general and cross-platform way?

Parentage answered 21/3, 2019 at 10:21 Comment(4)

your try to connect to server over https, where the server should have ssl certificates configured in nginx/apache/nodejs. Also client should provide proper certificates while making request to server – Cabdriver 11/5, 2019 at 5:31

This issue doesn't depend on the server. It only happens when the client is behind an intercepting proxy. – Parentage 12/5, 2019 at 6:33

This is the best description of this issue I've seen and also the questions I have regarding the "solutions". I am going to try "certificate pinning". I do not think it's the client's issue, however, as other HTTPS invocations are working fine. @VikashSingh I do not understand how a client is expected to supply certificates to a server. – Bashuk 14/8, 2019 at 13:1

@Parentage Mine is a server-to-server app on the same subnet, no proxies. – Bashuk 14/8, 2019 at 13:1

I think the correct way is as described in this answer:

https://mcmap.net/q/142956/-npm-install-error-unable-to-get-local-issuer-certificate

In summary:

Guess which site it's trying to access -- probably github.com in order to download a release of the Electron binaries e.g. from https://github.com/electron/electron/releases/tag/v28.2.0
Navigate to that page using Chrome, find and export the page's root certificate

For me this creates a *.crt file in PEM file format, my Downloads directory
Add this file's path to npm's cafile config option.

Remmer answered 28/1 at 1:50 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags