I'm having a problem with a particular HTTPS get call when I upgrade to 6.6.3. I'm not sure if this is actually true, but it seems that with the new security enhancements it seems that meteor is actively trying to authenticate the CA from which the request is returned from.
The error I get is this: UNABLE_TO_VERIFY_LEAF_SIGNATURE - I get this when I try to login through an SSO server on.
After contacting the server administrators, they've passed me the ca.pem file that the meteor server can use to validate the certificate. I've tried every which way to put it into the node.js configs that the meteor server runs on to no avail. So my question is two fold:
- What does Meteor do when trying to authenticate a certificate from a server?
- How can I give the correct CA to Meteor so that it authenticate properly?
You haven't provided enough information but I have seen this before. If you have a meteor server running 0.6.6.3 and you are trying to access it from a nodejs script using something like node-ddp? If so and this error emitted as a socket error then:
If this is the case you need to set up not only the CA file but the intermediate files. Meteor on its own cannot generally do this you need a proxy to convert the https to http which would sit in front of meteor.
You have one of 3 files you generally need. The CA, your Key and the Intermediate chain. The
UNABLE_TO_VERIFY_LEAF_SIGNATURE
usually comes out because you've not specified the chain.Meteor does not directly take CAs or handle SSL. You have to use your own proxy which would be something else like nginx or a script like this one.
If you are using
meteor deploy
this should be ok as long as your domain is of the form*.meteor.com
. If you're using your own domain the domain signatures wont match & you would have to use your own hosting if you want to use SSL