Soap client with Node and strong-soap returning error with cerficate

Question

I am using strong-soap (but with node-soap is the same result) node module to connect with soap services.

In the first step I am creating the client and trying to connect one method in this case "doLogin" method.

My code is:

soap.createClient(url, clientOptions, (err, client) => {
var loginApi = { UserName: "xxxx", Password: "xxxxxx" };
var loginUser = {
  userName: "[email protected]"
};
client.addSoapHeader(header);
//client.setSecurity(new soap.BasicAuthSecurity(loginApi));
// we now have a soapClient - we also need to make sure there's no `err` here.
client.doLogin(loginUser, (err, result) => {
  //'result' is the response body
  console.error(err);
  console.log("Result: \n" + JSON.stringify(result));
});

But the variable err is returning this error in the console:

{ Error: unable to verify the first certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1105:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:639:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38) code: 
    'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

and result is undefined.

1. why is happening this error?
2. result is undefined by the error?

Answer 1

FIXED:

I have added correct certificates and rejectUnauthorized: false to create client and added "envelope" directive to the headers and now it is working.

I don´t like the instruction rejectUnauthorized: false by security topics and I would like to know how to remove this in production environment.

Thank you!!

Answer 2

I have faced same error, unable to verify the first certificate. This is because of SSL cerficate isnt verified.

Your nodejs script calls your server, it is going to carry out the full TLS check process (as you would hope). This will check the certificates for validity etc.

To work around this issue, you can run the following Steps:

npm config set strict-ssl false

As a best practice, it is wise to set it back to true afterwords so you do not accidentally install an untrusted module that you actually do not trust.

After this,

npm cache clean --force

Add the following environment variable:

NODE_TLS_REJECT_UNAUTHORIZED=0

For Linux:

export NODE_TLS_REJECT_UNAUTHORIZED=0

For Nginx

NODE_TLS_REJECT_UNAUTHORIZED=0

For Window: this will set for only current command prompt screen,

set NODE_TLS_REJECT_UNAUTHORIZED=0

This has solved issue for me. Please try

Note: Make sure you do not leave this option on in production. Please don't disable TLS checks at all.