node.js macos azure-storage-queues azure-storage-explorer azurite

Error: unable to verify the first certificate in nodejs azure queue storage createMessage

I am trying to test my Azure Queue Storage on Azurite emulator on MacOS in a local environment. I wrote a piece of code to send a message, which was to be viewed on Azure Storage Explorer. I am using the https connection string as stated in the Azurite documentation and have set up self-signed rootCA.pem certificate in Azure Storage Explorer. However when I take my code in a file file.js and run node file.js. It gives me the following error message still. Does anyone know what I have done wrongly? Let me know if more information is required.

file.js

'use strict';


const storage = require('azure-storage');
const queueService = storage.createQueueService("DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://127.0.0.1:11000/devstoreaccount1;QueueEndpoint=https://127.0.0.1:11001/devstoreaccount1;");

queueService.messageEncoder = new storage.QueueMessageEncoder.TextBase64QueueMessageEncoder();



function testing() {

  queueService.createMessage('emailv2', "Hello world", (error) => {
    if (error) {
      console.log('Error encountered when enqueueing welcome message', error);
      console.log()
    }
  });
}



console.log(testing())

Error message

Error encountered when enqueueing welcome message Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
    at TLSSocket.emit (events.js:315:20)
    at TLSSocket._finishInit (_tls_wrap.js:932:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}

Solution

Regarding the error, it seems that the root certificate is missing from your Node's CA bundle then chain verify fails. I suggest you add the root certificate in your node runtime.

For example

Configure Https for Azurite emulator

a. generate PEM file and Key file

 mkcert -install
 mkcert 127.0.0.1

b. Strat Azurite emulator with HTTPS

azurite --cert 127.0.0.1.pem --key 127.0.0.1-key.pem -s -l c:\azurite -d c:\azurite\debug.log --oauth basic

Code

//add the root certificate in your HTTP angent 
const rootCas = require("ssl-root-cas").create();
rootCas.addFile("<the path of rootCA.pem>");
require("https").globalAgent.options.ca = rootCas;

const storage = require("azure-storage");
const queue = storage.createQueueService(
  "DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=https://127.0.0.1:10001/devstoreaccount1;"
);
// use our own HTTP anagent 
queue.enableGlobalHttpAgent = true;
// the message encoding I use base64
queue.messageEncoder = new storage.QueueMessageEncoder.TextBase64QueueMessageEncoder();
queue.createMessage("test", "hello", (error) => {
  if (error) throw error;
  console.log("send sucessfully");
});

queue.getMessages("test", (error, serverMessages) => {
  if (error) throw error;
  console.log(serverMessages[0].messageText);
  queue.deleteMessage(
    "test",
    serverMessages[0].messageId,
    serverMessages[0].popReceipt,
    (error) => {
      if (error) throw error;
      console.log("complete the message successfully");
    }
  );
});

For more details, please refer to here and here