
ERROR: 0A00018E:SSL routines::ca md too weak [Node.js]


I am trying to make a service in Express.js which will collect information through an API. That API requires a key and cert. I also set all sorts of things, but it is giving me the error 0A00018E:SSL routines::ca md too weak on my local computer. Here is my code:

const axios = require('axios');
const fs = require('fs');
const path = require('path');
const https = require('https');

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; 

// Define certificate and key file paths
const certFile = path.join(__dirname, '../certs/create.crt');
const keyFile = path.join(__dirname, '../certs/create.key');

// Define agent options
const agentOptions = {
    cert: fs.readFileSync(certFile),
    key: fs.readFileSync(keyFile),
    rejectUnauthorized: false, 
    minVersion: 'TLSv1' 
};

// Create https.Agent with the options
const agent = new https.Agent(agentOptions);

// Function to get secure token
const getSecureToken = async () => {
    try {
        const postData = {
            password: '123456Aa',
            userName: 'test'
        };

        const response = await axios.post(
            'https://url.com:7700/transaction/token',
            postData,
            {
                headers: { 'Content-Type': 'application/json' },
                httpsAgent: agent // Use the custom https agent
            }
        );

        return response.data.transactionId;
    } catch (error) {
        console.error(`Error fetching secure token: ${error.stack || error.message}`);
        throw new Error(`Error fetching secure token: ${error.message}`);
    }
};

How can I fix that? Thanks in advance.


Solution

  • The answer is in the error messages (error:0A00018E:SSL routines::ca md too weak). OpenSSL refuses to use the CA certificate because certain parameters are considered insecure nowadays. This could be caused by the certificate using MD5 or SHA1 for signing.

    You should regenerate your CA and certificates with secure hash algorithms for the signature, as your currently used hash algorithms are not considered secure anymore.

    There is a workaround available by adding the following to your openssl.cnf:

    tls-cipher "DEFAULT:@SECLEVEL=0"
    

    Another workaround is available since OpenVPN 2.6.0:
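
Added example, not part of the answer above and not the OpenVPN workaround it starts to describe: a way to find which certificate in a PEM file (the client certificate or the CA chain) carries the MD5 or SHA-1 signature the answer names, by reading the signatureAlgorithm OID straight from the DER. The function names and the sample bytes are constructed for illustration; unknown OIDs are reported as such rather than guessed.

```javascript
// Standard PKCS #1 signature OIDs; weak = MD5 or SHA-1 digest.
const SIG_ALGS = {
  '1.2.840.113549.1.1.4': { name: 'md5WithRSAEncryption', weak: true },
  '1.2.840.113549.1.1.5': { name: 'sha1WithRSAEncryption', weak: true },
  '1.2.840.113549.1.1.11': { name: 'sha256WithRSAEncryption', weak: false },
};

// Read one DER tag-length-value header at `pos`.
function readTlv(buf, pos) {
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the count of length bytes
    start += len & 0x7f;
    len = buf.subarray(pos + 2, start).reduce((acc, b) => acc * 256 + b, 0);
  }
  if (!(start + len <= buf.length)) throw new Error('truncated DER');
  return { tag: buf[pos], start, end: start + len };
}

// Decode OID content bytes into dotted notation.
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

// Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
function signatureAlgorithm(der) {
  const cert = readTlv(der, 0);
  const alg = readTlv(der, readTlv(der, cert.start).end); // skip tbsCertificate
  const oid = readTlv(der, alg.start);
  if (cert.tag !== 0x30 || alg.tag !== 0x30 || oid.tag !== 0x06) throw new Error('not a certificate');
  const dotted = decodeOid(der.subarray(oid.start, oid.end));
  return { oid: dotted, ...(SIG_ALGS[dotted] || { name: 'unknown', weak: null }) };
}

// Audit every CERTIFICATE block in a PEM string (CA file or full chain).
function auditPem(pem) {
  const blocks = pem.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g) || [];
  return blocks.map((b) => signatureAlgorithm(Buffer.from(b.replace(/-----[^-]+-----|\s/g, ''), 'base64')));
}

// Constructed sample, not a real certificate: empty tbs, md5WithRSAEncryption, empty signature.
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\n' +
  Buffer.from('30143000300d06092a864886f70d0101040500030100', 'hex').toString('base64') +
  '\n-----END CERTIFICATE-----';
console.log(auditPem(SAMPLE_PEM));
```

To check real files, pass the contents of the `.crt` and of the CA bundle to `auditPem` as UTF-8 strings; any entry with `weak: true` is a certificate that has to be reissued with a SHA-256 or stronger signature.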