Can't handshake when doing post requests

Remove these lines.

Loading via Chrome https://www.mathtutortime.com:3001/ looks like a client certificate is required.

Firefox has another error.

1 Like

Yeah, I was telling that about an hour ago already.. :)

Funny thing is: my own 23 lines of NodeJS-code I scraped from the internet with almost the same client certificate requirement-code gives a whole different error on OpenSSL: 140461813286720:error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required:ssl/record/rec_layer_s3.c:1543:SSL alert number 116.. So something strange is going on I reckon, albeit I still think it's connected to the client certificate requirement.

2 Likes

Ok, I removed those lines. Now restarting the server and posting via postman I get: Unable to verify the first certificate.

Going to the php script that posts I get: lobby.php:1 Access to fetch at 'https://www.mathtutortime.com:3001/account/get_tutoring/requestWhiteboard' from origin 'https://mathtutortime.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'mathtutortime.com/account/get_tutoring'. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

1 Like

I listed a couple of postman-related links above. Just so you realize.

1 Like

Yep, now it works. Via OpenSsl and with both browsers.

Add the intermediate certificate, see your port 443.

That's an application error outside of this forum.

1 Like

Ok, thanks. Yeah, I agree the third looks like something I might be able to fix outside the forum. Do I add the intermediate certificate to nodejs I guess? I have never had to do that before. The error I am getting looking at the network tab of devtools is the same that I was getting before - "ERR_BAD_SSL_CLIENT_AUTH_CERT". Could that have to do with no intermediate certificate? Is that another file I need to add? I had never had to do that when I was setting up a certificate with the server being another hosting provider. I guess it could have to do with CORS... If you guys don't see any issue connecting to that port, I can mark it as answered then, and fix whatever else I need to. I just feel like it might be bad to not reject unauthorized and not request certificate. I don't get why we needed to do that...

1 Like

No.. It literally says "client auth cert".. I.e., client authentication certificate. Which is what we were talking about and why you removed/commented out those two lines that @JuergenAuer suggested.

The intermediate certificate is normally sent by the server. While not every TLS client will complain about a missing intermediate certificate, a lot of them actually do. So it's good practice to always serve the intermediate certificate too. If you've used certbot for the issuance of your Let's Encrypt certificate, you'd use the fullchain.pem file. This is simply a concatenation of the end leaf certificate and the intermediate certificate. In my little NodeJS experiment just now, NodeJS understands this concatenated file nicely, so you don't have to add anything to your NodeJS configuration. Just point the "cert" file to the concatenated file.

Client certificate authentication is not used very often. If you don't know what this is, you probably don't use it.

2 Likes
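
The two points in the reply above, as an added example that is not code from any poster in this thread: a check that the file given as "cert" holds the leaf plus the intermediate, and server options that ask for a client certificate only when that is intended. The helper names, sample PEM blocks and file paths are assumptions; `cert`, `key`, `ca`, `requestCert` and `rejectUnauthorized` are Node.js TLS options.

```javascript
// Added example, not from the thread. Helper names are hypothetical.
// Constructed placeholder PEM blocks (not real certificates or keys).
const fakePem = (label) =>
  `-----BEGIN ${label}-----\nQ09OU1RSVUNURUQ=\n-----END ${label}-----\n`;
const SAMPLE_LEAF_ONLY = fakePem('CERTIFICATE');                    // like cert.pem
const SAMPLE_FULLCHAIN = SAMPLE_LEAF_ONLY + fakePem('CERTIFICATE'); // like fullchain.pem
const SAMPLE_KEY = fakePem('PRIVATE KEY');

// Split a PEM bundle into labelled blocks.
function pemBlocks(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;
  return Array.from(text.matchAll(re), (m) => ({ label: m[1], pem: m[0] }));
}

// Report what a file used as "cert" would make the server send.
function inspectCertFile(text) {
  const blocks = pemBlocks(text);
  const certCount = blocks.filter((b) => b.label === 'CERTIFICATE').length;
  const problems = [];
  if (certCount === 0) problems.push('no certificate in file');
  if (certCount === 1) problems.push('leaf only, intermediate missing');
  if (blocks.some((b) => b.label.endsWith('PRIVATE KEY'))) {
    problems.push('private key stored in the cert file');
  }
  return { certCount, problems };
}

// Build options for https.createServer(). Client certificates are requested
// only when a client CA is passed in deliberately (mutual TLS).
function serverTlsOptions(certPem, keyPem, clientCaPem = null) {
  const report = inspectCertFile(certPem);
  if (report.certCount === 0) throw new Error('cert file has no certificate');
  const options = { cert: certPem, key: keyPem, requestCert: false };
  if (clientCaPem !== null) {
    options.requestCert = true;        // ask the client for a certificate
    options.rejectUnauthorized = true; // refuse clients without a valid one
    options.ca = clientCaPem;          // CA that issued the client certificates
  }
  return { options, warnings: report.problems };
}

// Usage with certbot's files (paths are assumptions):
//   const { options } = serverTlsOptions(
//     fs.readFileSync('fullchain.pem', 'utf8'), fs.readFileSync('privkey.pem', 'utf8'));
//   https.createServer(options, app).listen(3001);
```

The check only counts PEM blocks; it does not verify that the second certificate actually issued the first.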

I follow until you tell me that is why we removed those lines. I am getting this error AFTER removing those lines...?

Thank you for the explanation of the rest, I really appreciate it! Everybody was very helpful.

1 Like

You're still getting client certificate authentication errors? Because I'm not getting any.. Actually, I'm not getting any error in my Chromium client..

1 Like

There's an extensive related history after a recent postman update from several users at the first postman link that I posted above. I don't think you're alone here.

1 Like

Ok, yes I'm getting errors from that, where my php is trying to post to my nodejs server. That must be something I need to fix in my php then.

1 Like

Thank you, Griffin. I haven't checked out your links yet, I'll look at them.

2 Likes

Perhaps?

We too were stuck on this after we had to update our certificate (due to expiry). The server requires Client Authentication and we previously had PEM files for the private (no passphrase) and public key.
Desperate and trying everything I instead added the PFX as cert and the passphrase for it and then it worked!

I've double checked that the keys are the same in the PEM and the PFX but clearly something in the PFX helps sorting this out...

1 Like

Ok. Clearly there is a lot more for me to learn. I'll take a look at it. Between all the information everybody gave me I believe I can get this working in my php and Nodejs now. Thank you all!

2 Likes
