I'm surprised to discover that public certificates issued by AWS ACM trigger the error "unable to verify the first certificate" when using axios and node-fetch. However, when I use curl from the command line, I don't get an error. So my questions are:
Why does node behave this way? Curl can use the underlying OS, it seems, which recognizes the CA authority of the AWS ACM issued certificates; does node have its own set of CA authorities?
How can I solve this problem without enabling the
rejectUnauthorizedoption within a configuredhttpsAgent? Is there a way to get node to behave like curl by e.g. using the OS's set of recognized CA authorities? Is there some setting within the AWS ACM console that might make the certificates more amenable to axios?
NOTE: I am not interested in the solution of configuring axios to recognize any particular CA certificate (I'd like a general solution to enable me to ping multiple AWS ACM issued certificates that I do not necessarily control).
Edit: I'm using OSX 11.3.
Thanks!