Hi All, Is there any way to specify the which RooT/Trusted intermedi

I got this to work by passing the request options. <div class="snippet-clipboard-c

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

<a class="user-mention notranslate" data-hovercard-type="user" data-hover

Request-promise will be changed soon in favor of another (see <a class="issue-link js-

Specify trusted root/intermediate CA cert for SSL/TSL communication about node-vault HOT 9 CLOSED

Constantin07 commented on June 9, 2024 3

Specify trusted root/intermediate CA cert for SSL/TSL communication

from node-vault.

Comments (9)

alexraddas commented on June 9, 2024 18

I got this to work by passing the request options.

var options = {
  apiVersion: 'v1',
  endpoint: 'https://127.0.0.1',
  token: '0123456789',
  requestOptions: {
    ca: fs.readFileSync('/etc/ssl/certs/cabundlefile.crt'),
  }
};

var vault = require("node-vault")(options);

from node-vault.

Constantin07 commented on June 9, 2024 3

Are the VAULT_CACERT and VAULT_CAPATH environment variables supported ?

from node-vault.

steve-perkins commented on June 9, 2024

Hi @Constantin07, are you by chance the same Constantine who was facing a similar issue with the other node Vault driver back in March?

https://gitter.im/chiefy/vaulted/archives/2017/03/08

If so, then I am starting to worry that we have the only two Node apps on earth trying to connect with Vault using CA cert verification!

Have you found any solutions or workarounds yet? I'm to point of eschewing "drivers", and just using low-level REST calls to Vault's HTTP API directly.

from node-vault.

Constantin07 commented on June 9, 2024

Hi @steve-perkins, unfortunately I'm another Constantin :-)

For testing purposes I tried to use a self signed cert by placing it in the same directory with Node JS code but I get:

{ RequestError: Error: self signed certificate in certificate chain
    at new RequestError (/opt/node_modules/request-promise/lib/errors.js:11:15)
    at Request.RP$callback [as _callback] (/opt/node_modules/request-promise/lib/rp.js:60:32)
    at self.callback (/opt/node_modules/request/request.js:186:22)
    at emitOne (events.js:96:13)
    at Request.emit (events.js:188:7)
    at Request.onRequestError (/opt/node_modules/request/request.js:878:8)
    at emitOne (events.js:96:13)
    at ClientRequest.emit (events.js:188:7)
    at TLSSocket.socketErrorListener (_http_client.js:310:9)
    at emitOne (events.js:96:13)
    at TLSSocket.emit (events.js:188:7)
    at emitErrorNT (net.js:1277:8)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)
  name: 'RequestError',
  message: 'Error: self signed certificate in certificate chain',
  cause: 
   { Error: self signed certificate in certificate chain
       at Error (native)
       at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
       at emitNone (events.js:86:13)
       at TLSSocket.emit (events.js:185:7)
       at TLSSocket._finishInit (_tls_wrap.js:610:8)
       at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'SELF_SIGNED_CERT_IN_CHAIN' },
  error: 
   { Error: self signed certificate in certificate chain
       at Error (native)
       at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
       at emitNone (events.js:86:13)
       at TLSSocket.emit (events.js:185:7)
       at TLSSocket._finishInit (_tls_wrap.js:610:8)
       at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'SELF_SIGNED_CERT_IN_CHAIN' },
  options: 
   { json: true,
     resolveWithFullResponse: true,
     simple: false,
     strictSSL: true,
     followAllRedirects: true,
     path: '/*******/*******/*******',
     method: 'GET',
     headers: { 'X-Vault-Token': '*************' },
     uri: 'https://****.*****.***:8200/v1/******/****/*********',
     callback: undefined,
     transform: undefined },
  response: undefined }

No workaround at the moment yet. I don't have strong Node JS experience but looking at source code it doesn't look to long.

from node-vault.

DaniGuardiola commented on June 9, 2024

I will try to fix this in the future.

from node-vault.

AidanWelch commented on June 9, 2024

@alexraddas do you know what the accepted encoding formats for that option are?

from node-vault.

araddas commented on June 9, 2024

@alexraddas do you know what the accepted encoding formats for that option are?

Since node-vault is based on the request-promise module, it would be dependent on which formats are supported by request-promise. For my specific use case its x509 PEM. You can always convert your CA bundle to another format using openssl. https://www.sslshopper.com/article-most-common-openssl-commands.html.

from node-vault.

aviadhahami commented on June 9, 2024

Request-promise will be changed soon in favor of another (see #150)
I will have this in mind for when we will select the correct solution.

Closing the issue for now

from node-vault.

aviadhahami commented on June 9, 2024

Feature request -> allow settings root/intermediate CA cert

from node-vault.

Specify trusted root/intermediate CA cert for SSL/TSL communication about node-vault HOT 9 CLOSED

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent