I'm trying to connect to a public API that's on the following domain https://curs.bnr.ro, but I'm facing this issue:
Error: unable to verify the first certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34) at TLSSocket.emit (node:events:518:28) at TLSSocket._finishInit (node:_tls_wrap:1078:8) at ssl.onhandshakedone (node:_tls_wrap:864:12) { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'My code is the following:
import tls from "node:tls";tls .connect( { host: "curs.bnr.ro", port: 443, }, function () { console.log("ok"); } ) .on("error", function (err) { console.log(err); });From my understanding, since the URL can be accessed from the browser without issues, the error I'm facing seems to indicate that I don't have the necessary root CA.I see that NodeJS uses it's own built in certificates: ref1 and ref2, so I'm guessing that the certificate used by the API that I'm trying to call isn't part of this built in list.
By inspecting the certificate of the website(API) I get the following:
I saw that certSIGN is used here and I went on their website and downloaded certSIGN ROOT CA.Then, I converted it from .crt to .pem using openssl x509 -in mycert.crt -out mycert.pem -outform PEM.
Then, in a bash I did export NODE_EXTRA_CA_CERTS=./root.pem before running the app.However, I get the same error. I'm I doing something wrong?
I also tried:
const secureContext = tls.createSecureContext({ ca: [ readFileSync('./root.pem') ],});and then passing the secureContext to tls.connect method and it's the same.
P.S: My node version is 22.11.0