0

Currently I have two systems:

  • A Vultr Server running An Express.js Backend and a Discord Bot (Self Certified SSL)
  • A Firebase App Running my React App.

The current way the app is set up is the react app is sending a request to the backend (The Express App) using Axios. When I use axios to try to hit an API endpoint on my express app, it returns in the console:

Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID

How do I go about fixing this so I can be able to get the information from my Vultr app using Firebase without getting the Cert Invalid error? Is it Possible? Can I do it using HTTP on my VPS' IP Address while having HTTPS on Firebase? I saw the following circulating but it has not worked:

const instance = axios.create({
    httpsAgent: new https.Agent({ 
      rejectUnauthorized: false
    })
  });
Gem
  • 31
  • 1
  • 2

1 Answers1

-2

The error message is just telling you that your certificate is untrusted.

You've got two choices: trust or ignore

Blindly ignoring ssl errors is very very bad, makes you succetible to man in the middle attacks. The way certificates work is that they delegate their 'trust' to a parent until you reach a CA (Certificate Authority). Let's say you buy a certificate from godaddy, they sign your certificate, so when someone is trying to see if your certificate is valid, they go to godaddy's CA, get the public key and check if your is valid.

If you self sign a certificate there's no CA, hence, no way of trusting it. Unless you explicitly add it to the ca bundle file in your operating system.

Self signed certificates beat no certificates at all, and manually trusting it beats ignoring ssl errors. But, it's a bit of work to catch on with the concepts but it becomes easier with time. If your app is meant for a hobby, ignore away.

Trusting

To trust globally, you would have to get your certificate and add it to the ca trust bundle, which requires you to have access to the OS and admin privileges, which is the casa for your vultr app but not for firebase.

In firebase's case you'd have to fetch the certificates public key and pass it as an argument to axios

here's how

Ignoring

here's how

Magus
  • 2,905
  • 28
  • 36