NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post Reply
rowen
Newbie
Posts: 11
Joined: Fri Oct 12, 2018 10:16 am

NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by rowen »

Hello,

We've recently enabled HTTPS on Switch (2020 Spring).
The Web Portal, Webhooks and external calls to the Web Services are working.

However, since then scripts in NodeJS (using VSCode and Node v16.17.0) return the following error:
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list:

The HTTPS certificate is issued for the domain name where Switch Web Services are located and where our clients log in to the Switch Portal.

Searching the web it seems localhost isn't really certifiable, although there are workarounds.
I've successfully created an app on that machine (but external to Switch) that runs an https server and has a self-signed certificate for localhost.

But I have no idea how to apply that to Switch.

Is there a way to tell Switch that localhost calls don't have to be encrypted?
Or a way to have it accept a self-signed certificate?

Could there be something missing from the HTTPS configuration?

Thank you,
Rodrigo
freddyp
Advanced member
Posts: 1008
Joined: Thu Feb 09, 2012 3:53 pm

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by freddyp »

And what if you use the IP address of the Switch Server instead of localhost (127.0.0.1)?
rowen
Newbie
Posts: 11
Joined: Fri Oct 12, 2018 10:16 am

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by rowen »

Wouldn't that slow down processing since the traffic is going through the router and back in?

I'm just using the Script element, so I don't think I can define the IP address the call is made to, right?

But maybe if I use a Remote Process instead… It seems a bit elaborate for simple scripts (and my skill level), but I'll give it a try.
freddyp
Advanced member
Posts: 1008
Joined: Thu Feb 09, 2012 3:53 pm

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by freddyp »

In terms of speed I would not worry too much. There is a good chance the operating system will optimize that. And if it is a difference between "it is 2 seconds slower and it works" and "it does not work", the choice is an easy one.

There is no limitation in scripts with regards to the use of IP addresses.

Remote process? I do not know what it is you are doing, but if you want to do REST API calls to the local Switch Web Service using "Remote process" seems overkill.

Another possible approach is to see if the HTTP package you are using has support for ignoring certificate errors.
rowen
Newbie
Posts: 11
Joined: Fri Oct 12, 2018 10:16 am

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by rowen »

Of course, having it work is the priority.

And yes, I agree that it would be overkill to use Remote process…

The scripts we've implemented so far are pretty simple…
We're talking receiving text or xml files from a Switch folder, reading and writing new files with metadata, and sending them back out to Switch to the appropriate Connection.

In sum, most my scripts start with a "jobArrived" function and end with a "job.sendTo" function…

I've actually been testing this issue with the StringSplitter script you've demoed in a webinar, since it's simple enough (and tested), just to make sure my scripts weren't the problem.

How can I add the IP (or perhaps the protocol) I want Switch to use for handling scripts?

I forgot to mention, but these scripts are all stored locally.
And a more comprehensive log is as follows:

Code: Select all

The notification to 'ws://127.0.0.1:55095/api/v1/process' has been sent successfully. Waiting for the "processing finished" response.

Received the "processing finished" response from 'ws://127.0.0.1:55095/api/v1/process'

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list:
freddyp
Advanced member
Posts: 1008
Joined: Thu Feb 09, 2012 3:53 pm

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by freddyp »

Ah right, I thought you were accessing the REST API from within your script, but it is a script that does nothing with HTTP , it is an internal error.

What are the settings in the Preferences for the protocol in "Web services" and in "Remote processing"? You have probably enabled HTTPS. Set this to No and add a rule to the firewall to block access to that port from the outside. The setting for "Web services" can remain as they are.
rowen
Newbie
Posts: 11
Joined: Fri Oct 12, 2018 10:16 am

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by rowen »

Solved!

Yes, I had enabled HTTPS for "Web services" and "Remote processing".

I disabled HTTPS on "Remote processing" and it started working. Didn't even need to add the rule do the firewall.

Thank you!
freddyp
Advanced member
Posts: 1008
Joined: Thu Feb 09, 2012 3:53 pm

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by freddyp »

Good!

Adding the rule to the firewall is not necessary to make it work, but it is advised to do it to avoid exposing that port to the outside world. Or perhaps that was already the case?
rowen
Newbie
Posts: 11
Joined: Fri Oct 12, 2018 10:16 am

Re: NodeJS error since enabling HTTPS (TLS CERT ALTNAME INVALID)

Post by rowen »

Ah, of course!

I think it might be already blocked, since out IT is very strict about it…
But I'll ask about it and have it blocked if it isn't.

Thanks!
Post Reply