🐛 BUG: TLS peer's certificate is not trusted for GlobalSign GCC R3 DV TLS CA 2020 #4081
Labels
bug
Something that isn't working
Comments
kyouheicf
changed the title
|
hi @kyouheicf , this is more of a feature request for https://github.com/cloudflare/workerd, but my understanding is that it is unlikely that there are plans to support this. we use node's certificate store (https://nodejs.org/api/tls.html#tlsrootcertificates) on windows and the system certificate store otherwise -- if the desired certificate is not available, the workaround is to use the NODE_EXTRA_CA_CERTS environment variable as you've noted. given this, there is not much else we can do here, so i'll go ahead and close the issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Which Cloudflare product(s) does this pertain to?
Workers Runtime
What version(s) of the tool(s) are you using?
wrangler 3.10.1
What version of Node are you using?
v19.1.0
What operating system are you using?
macOS
Describe the Bug
SSL certificate verification will fail for this URL https://www.qbhouse.co.jp/search/514
The workaround is use NODE_EXTRA_CA_CERTS=certfile, which is downloaded from https://support.globalsign.com/ca-certificates/intermediate-certificates/domainssl-intermediate-certificates
I hope workerd will include such the certificates by default
Please provide a link to a minimal reproduction
https://gist.github.com/kyouheicf/f302607ee65eabf7a1525ed56efaed23
Please provide any relevant error logs
workerd/jsg/util.c++:275: error: e = kj/compat/tls.c++:221: failed: TLS peer's certificate is not trusted; reason = unable to get local issuer certificate
The text was updated successfully, but these errors were encountered: