On Thu, Mar 6, 2014 at 6:09 PM, Kevin Ingwersen
<[email protected]>wrote:
> I dont know what you actually mean by CA - but.
>
> > https.globalAgent.options
> {}
>
> This comes up in the node REPL, and it clearly shows an empty object -
> there is no 'ca' entry. What would be the expected output here? (btw - node
> 0.10.24)
>
When you buy one of the cheaper SSL certificates it will work in browsers
and most mobile phones, which are updated frequently, but it may not work
in, say, Ubuntu 12.04 LTS.
So when you are trying to correct to a site with a relatively new cert
that's on the bottom tier (signed by several intermediate certificates) you
have to manually add the CA pem files to the chain yourself or you get
errors like CERT_UNTRUSTED.
I'm no SSL expert, this is just what I've learned from buying a RapidSSL
certificate.
Originally I got the error UNABLE_TO_VERIFY_LEAF_SIGNATURE, which I was
able to rectify by adding the RapidSSL CAs to the chain, but doing so
knocked out all of the other CAs.
So I can connect to Facebook, which uses a certificate that's in the chain
RapidSSL uses, but I can't connect to Twitter or Stripe, which use
certificate chains that stem from other SSL cert issuing companies.
AJ ONeal
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
