Nodejs errors out with unable_to_verify_leaf_signature for some certificates

Question

I am trying to work with nodejs which sends some data to other servers. Nodejs is communicating with the other servers on https and nodejs verifies the other servers' certificates with the root certificates available. The requirement is the nodejs has to reject the un-authorized ones.

I am testing the above setup with some test servers. For one test server I have created a server certificate and is signed by a self signed CA certificate 'CA1.cer' using openSSL. For the other test server I have followed the same as the first test server, but using the makecert utility.

Now I have included both the CA certs in my nodejs code. The problem is nodejs is failing for the test server which has certs created using makecert utility. But the same code works with the test server which has the certs created using openSSL.

On the other hand both the servers goes fine on the browser without any cert errors..

My nodejs options are as below and I am on version v0.8.18:

var options = {
    host: host,
    port: port,
    path: pathname,
    method: 'POST',
    ca: [ fs.readFileSync('./ca1.cer'), //created using OpenSSL
          fs.readFileSync('./ca2.cer') ], // created using makecert util
    agent: false,
    requestCert: true,
    rejectUnauthorized: true,
    auth: cred,
    headers: {
        'Content-Type': 'text/xml',
        'Content-Length': xmldata.length
    }
};

Please help....

Answer 1

The problem is resolved. The certificate created from makecert util was not in .pem format. Once converting into the .pem the above code is working. Thanks Andrei for the support.

Answer 2

To allow making request to the server with invalid SSL certificate, add to the options:

"rejectUnauthorized": false