I am new to back-end development, and I am really enjoying writing code in Node. However, there are a few things I just can't seem to grasp. I kept getting the following error:
Error: DEPTH_ZERO_SELF_SIGNED_CERT
I fixed it by implementing the following code:
if ('development' === app.get('env')) {
    // Development only: turns off TLS certificate verification for the whole process
    console.log("Rejecting node tls");
    process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
}
I understand we are setting an environment. But what does this mean in plain language? I don't know how to explain it to someone else. There is a lot of info on how to fix it, but I can't find anything on what this actually means.
Can someone explain?
Node is complaining because the TLS (SSL) certificate it's been given is self-signed (i.e. it has no parent - a depth of 0). It expects to find a certificate signed by another certificate that is installed in your OS as a trusted root.
Your "fix" is to disable Node from rejecting self-signed certificates by allowing ANY unauthorised certificate.
Your fix is insecure and shouldn't really be done at all, but is often done in development (it should never be done in production).
The proper solution should be to put the self-signed certificate in your trusted root store OR to get a proper certificate signed by an existing Certificate Authority (which is already trusted by your server).
As an additional point, your logging should thus read "Disabling Node's rejection of invalid/unauthorised certificates".