How to ignore SSL certificate validation in node requests?

Dmitry Samoylov picture Dmitry Samoylov · Feb 27, 2019 · Viewed 36.9k times · Source

I need to disable peer SSL validation for some of my https requests using node.js Right now I use node-fetch package which doesn't have that option, as far as I know.

That should be something like CURL's CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false

Does any networking package allow to do so? Is there a way to skip SSL validation in axios maybe?

Answer

iLuvLogix picture iLuvLogix · Feb 27, 2019

Axios doesn't address that situation so far - you can try:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

BUT THAT'S A VERY BAD IDEA since it disables SSL across the whole node server.

Or, you can configure axios to use a custom agent and set rejectUnauthorized to false for that agent as mentioned here.

Example:

// At instance level
const instance = axios.create({
  httpsAgent: new https.Agent({  
    rejectUnauthorized: false
  })
});

instance.get('https://something.com/foo');

// At request level
 const agent = new https.Agent({  
 rejectUnauthorized: false
});

axios.get('https://something.com/foo', { httpsAgent: agent });