UNABLE_TO_VERIFY_LEAF_SIGNATURE w/ Restify client

[Nick Parsons]

We're having some issues when using the JSON client to hit HTTPS URLs. I've tried several URLs, which are secured with valid SSL certs (not self signed), and we're still getting an UNABLE_TO_VERIFY_LEAF_SIGNATURE error. 

An example URL is https://api.6px.io and https://studio5eleven.com. It's probably worth noting that both of those URLs SSL certificates were generated by GoDaddy. I tried hitting https://graph.facebook.com.

I've done quite a bit of research on Google and Stackoverflow and can't seem to pinpoint a fix. My guess is that I'm missing something on my server, or I need to specify a setting in the API to handle those types of errors gracefully. Regardless, we have to make sure that the requests are going through as we're using the JSON client to hit user specified endpoints.

[Mark Cavage]

Hey Nick,

You probably need to pass in `rejectUnauthorized: false` for now to
workaround, but this is almost certainly going to be caused by not
having the right CA bundle being loaded by node (not restify). I
would make an attempt to see if this works with the plain node HTTPS
client in the most basic form, and then we can figure out what the
delta is.

BTW: Is this on windows or linux?

> --
> You received this message because you are subscribed to the Google Groups
> "restify" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to restify+u...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

[Nick Parsons]

Thanks, Mark. I'll look into rejectUnauthorized. It's happening both locally (OSX) and on our Ubuntu AWS instance.

On Friday, September 6, 2013 8:56:52 AM UTC-6, Mark Cavage wrote

[Nick Parsons]

Setting rejectUnauthorized to false did the trick. Looks like Node changed the default value to true around 0.10.4:

http://nodejs.org/docs/v0.10.4/api/https.html#https_https_request_options_callback

Thanks for the heads up!