npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node_extra_ca_certs_mozilla_bundle

v1.0.6

Published

If you are trying to connect to a secure website via nodejs. Although, the site may work in the browser, you may run into errors such as

Downloads

15,522

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

arvind-agarwalarvind-agarwal

Keywords

NODE_EXTRA_CA_CERTSMozilla certificatesCAcertscertificate errorUNABLE_TO_VERIFY_LEAF_SIGNATURECERT_UNTRUSTEDUnable to verify the first certificatepempem certificatepem certificates

Readme

node_extra_ca_certs_mozilla_bundle

If you are trying to connect to a secure website via nodejs. Although, the site may work in the browser, you may run into errors such as

CERT_UNTRUSTED

UNABLE_TO_VERIFY_LEAF_SIGNATURE

Unable to verify the first certificate

It may be due to a couple of reasons. The Root CA certificate is missing in nodejs Or the site does not correctly install the intermediate certificates.

Typically you encounter these at the last minute, and usually, the server is not in your control; hence you cannot modify the certificate installation, and it is challenging to change code at that time.

Node js added an Environment variable to address this issue:

NODE_EXTRA_CA_CERTS

When set, the well known "root" CAs (like VeriSign) will be extended with the extra certificates in file. The file should consist of one or more trusted certificates in PEM format.

NOTE: This environment variable is ignored when node runs as setuid root or has Linux file capabilities set.

However, it is cumbersome to create the PEM file for missing certificates manually and it can be a security issue if untrusted certificates are accidentally included.

This module is designed to make all SSL sites that work with Mozilla Browser compatible with your nodejs script.

It downloads and creates a PEM file from https://www.ccadb.org/resources (Common CA Database) used by Mozilla

  • https://wiki.mozilla.org/CA/Included_Certificates
  • https://wiki.mozilla.org/CA/Intermediate_Certificates

It generates three different bundles that can be used based on your needs:

  • Intermediate certificates only bundle ca_intermediate_bundle.pem
  • Root only certificates bundle ca_root_bundle.pem
  • Intermediate and Root certificates bundle ca_intermediate_root_bundle.pem

You can use any of the above bundles with NODE_EXTRA_CA_CERTS.

To install:

npm install --save node_extra_ca_certs_mozilla_bundle

During the installation of the module, it downloads the latest certificates from the Mozilla database and builds the PEM file in node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle folder.

You can launch your script while using the above certificates using:

NODE_EXTRA_CA_CERTS=node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle/ca_intermediate_root_bundle.pem node your_script.js

for Windows use:

npx cross-env NODE_EXTRA_CA_CERTS=node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle/ca_intermediate_root_bundle.pem node your_script.js

To use the PEM file in code

This is useful when you want to run as root or listen on privilege port like 80. Since in those situations the above environment variable does not work.

const fs = require('fs');
const https = require('https');
https.globalAgent.options.ca = fs.readFileSync('node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle/ca_intermediate_root_bundle.pem');

To include your custom PEM certificates in code along with this file

If you want to include your custom certificate and still want to connect to other SSL endpoints, you can concat the custom certificate with the generated bundle and use it.

const fs = require('fs');
const https = require('https');
https.globalAgent.options.ca = yourCertificatePEMcontent + fs.readFileSync('node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle/ca_intermediate_root_bundle.pem');