Search code examples
httpsaxioscertificatecdnpfx

Axios CDN using pfx https certificate

  • Axios version:

0.20.0

  • Expected Behavior

call success

  • Actual Behavior

POST https://beta.credcoconnect.com/cc/listener net::ERR_BAD_SSL_CLIENT_AUTH_CERT

- **To Reproduce**

<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script> const agent = new https.Agent({ pfx: fs.readFileSync('auth/TopTierGroupLLC-10-8-20.pfx') });

$(".submitBt").click(function(e) {
    axios.post('https://beta.credcoconnect.com/cc/listener', { body: body })
    .then(response => {
    if (response)
    {
        console.log(response.status);
    } else {
        alert('sem resposta');
    }
    }); 
});

I'm just using axios' CDN in an HTML page, I want to send a request to an API but it asks for an authentication certificate. This certificate is valid, but I don't know HOW to make axios read this certificate using ONLY axios CDN.

Solution

  • The error is actually saying the remote cert isn't valid, it can 'read' it fine. The server at beta.credcoconnect.com is using a unsupported root certificate, timed out certificate or most likly a self signed certificate (from the context of the browser).

    This is by nature not trustworthy; attempting to pass a new certificate to the call is meaningless because that isn't the issue, the browser can negotiate against any SSL certificate it just doesn't trust it. What you need to do is:

    (RECOMMENDED) Change the remote ssl certificate to a valid one, you can do this completely for free and automate it using LetsEncrypt (https://letsencrypt.org/)

    A middle tier idea would be to use a backend proxy with a valid certificate as a middle man and use that to call beta.credcoconnect.com. It's easy to make backend calls ignore SSL errors in most languages. This would be the best idea if you have no control over the beta.credcoconnect.com hosting to fix the certificate.

    Attempting to allow a browser to ignore SSL errors locally isn't something i believe you can do with a modern browser, there used to be a 'setOptions' on the XHR object that kind of worked... but i think you should attempt one of the other 2 options.

    Lastly but not recommended at all. If this is a controlled environment where all clients are controlled by you and not a public website then you could add the certifcate to be part of the trusted chain on the client machines. This is often how localhost development using SSL works.