When working with Node.js applications, SSL/TLS certificates are essential for secure communication over the internet. However, developers often encounter SSL certificate errors, which can disrupt the functionality of their applications. These errors can arise due to various reasons, such as misconfigured certificates, missing intermediate certificates, or issues with the certificate chain.
Understanding SSL Certificate Errors in Node.js
SSL certificate errors in Node.js typically occur when the application cannot verify the authenticity of the server’s SSL certificate. Some common errors include:
- UNABLE_TO_VERIFY_LEAF_SIGNATURE
- CERT_HAS_EXPIRED
- UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- DEPTH_ZERO_SELF_SIGNED_CERT
These errors often stem from issues like missing intermediate certificates, self-signed certificates, or incorrect system configurations.
Step 1: Identify the Specific SSL Error
The first step in resolving SSL certificate errors is to identify the exact error message. For example, if you encounter the UNABLE_TO_GET_ISSUER_CERT_LOCALLY error, it means Node.js cannot find the issuer certificate in its trusted root store. This error often occurs when intermediate certificates are missing or not properly configured.
Step 2: Ensure the Certificate Chain is Complete
A complete certificate chain is crucial for SSL/TLS verification. The chain typically includes:
- The server certificate
- Intermediate certificates
- The root certificate
If any of these are missing, Node.js will fail to verify the certificate. To fix this:
- Obtain the missing intermediate certificates from your Certificate Authority (CA).
- Concatenate the certificates into a single file (e.g., fullchain.pem) in the correct order:
-----BEGIN CERTIFICATE-----
(Your server certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
- Configure your server to use the fullchain.pem file.
Step 3: Update Node.js and Dependencies
Outdated versions of Node.js or its dependencies may lack support for modern SSL/TLS standards. Ensure you’re using the latest stable version of Node.js and update your dependencies by running:
npm update
Step 4: Configure the NODE_EXTRA_CA_CERTS Environment Variable
If the error persists, you can manually specify additional CA certificates using the NODE_EXTRA_CA_CERTS environment variable. This is particularly useful for self-signed certificates or custom CAs.
- Save your CA certificate(s) to a file (e.g., ca-certs.pem).
- Set the environment variable before running your Node.js application:
export NODE_EXTRA_CA_CERTS=/path/to/ca-certs.pem
node your-app.js
Step 5: Disable SSL Verification (Not Recommended)
As a last resort, you can disable SSL verification entirely. However, this approach is highly discouraged as it compromises security. To disable SSL verification, set the rejectUnauthorized option to false in your HTTPS request:
const https = require('https');

const options = {
  hostname: 'example.com',
  port: 443,
  path: '/',
  method: 'GET',
  rejectUnauthorized: false // Disables SSL verification
};

const req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  res.on('data', (d) => {
    process.stdout.write(d);
  });
});

// Report connection failures instead of crashing on an unhandled 'error' event
req.on('error', (err) => {
  console.error(err);
});

req.end();
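A check that keeps the Step 5 workaround out of shipped code, as an added example that is not part of the original article: it scans source text for `rejectUnauthorized: false` and for the `NODE_TLS_REJECT_UNAUTHORIZED=0` environment override, a process-wide equivalent the article does not cover. The rule ids, function names and sample lines are constructed for illustration.

```javascript
// Added example: flag code that switches off TLS certificate verification.
// Rule ids, SAMPLE and function names are illustrative, not from the article.
const RULES = [
  { // rejectUnauthorized: false / "rejectUnauthorized": false / x.rejectUnauthorized = false
    id: 'reject-unauthorized-false',
    re: /\brejectUnauthorized\b["']?\s*[:=]\s*false\b/,
  },
  { // process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0' and shell-style VAR=0
    id: 'env-tls-verify-off',
    re: /\bNODE_TLS_REJECT_UNAUTHORIZED\b["'\]]*\s*=\s*["']?0\b/,
  },
];

// Drop // comments (but not the // in https://) and shell # comment lines,
// so a commented-out workaround is not reported.
function stripComments(line) {
  return line.replace(/(^|[^:])\/\/.*$/, '$1').replace(/^\s*#.*$/, '');
}

// Returns one finding per matching rule per line: { file, line, rule, text }.
function scanSource(text, file = '<inline>') {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const code = stripComments(raw);
    for (const rule of RULES) {
      if (rule.re.test(code)) {
        findings.push({ file, line: i + 1, rule: rule.id, text: raw.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input: two real overrides, three look-alikes that must pass.
const SAMPLE = [
  "const agent = new https.Agent({ rejectUnauthorized: false });",
  "// rejectUnauthorized: false (old workaround, commented out)",
  "if (opts.rejectUnauthorized === false) warn();",
  "process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';",
  "const safe = { ca: caPem, rejectUnauthorized: true };",
].join('\n');

for (const f of scanSource(SAMPLE, 'sample.js')) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.text}`);
}
```

In a CI job, run `scanSource` over each source file's contents and fail the build when it returns any findings.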
Step 6: Test Your Configuration
After implementing the above steps, test your application to ensure the SSL certificate error is resolved. You can use tools like openssl to verify the certificate chain:
openssl s_client -connect example.com:443 -showcerts
Final Words
SSL certificate errors in Node.js can be frustrating, but they are often easy to resolve with the right approach. By ensuring a complete certificate chain, updating your environment, and configuring additional CA certificates, you can fix the UNABLE_TO_GET_ISSUER_CERT_LOCALLY error in Node.js and other common SSL issues. Always prioritize security and avoid disabling SSL verification unless absolutely necessary. With these steps, your Node.js application should be able to establish secure connections without any hiccups.