MARKAND Bhatt

Reputation: 2650

Azure Blob Storage : unable to verify the first certificate

I have created a new Azure storage account, inside which I have a blob container whose access type is set to 'private'. Following is my Node.js code through which I try to create a container.

var azure = require('azure-storage');
var accountName = "xxxxxxxxxx";
var accessKey = "veryLongAccessKey";
var host = "https://abc.blob.core.windows.net";
var blobSvc = azure.createBlobService(accountName, accessKey, host);

blobSvc.createContainerIfNotExists('myblobContainer', function(error, result, response) {
    console.log("error");
    console.log(error);
    console.log("result");
    console.log(result);
    console.log("response");
    console.log(response);
});

When I execute this code I get the following error.

{ Error: unable to verify the first certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1062:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:586:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

Azure storage account properties

What am I missing?

Upvotes: 0

Views: 6533

Answers (2)

Madaditya

Reputation: 163

I got some issues around SSL verification when trying to connect to Azure Storage blob from my company's network (firewalled and proxied). I tried turning off the SSL verification and it worked.

const myRequest = require('request').defaults({strictSSL: false})

Don't forget to re-enable this again at the end. While this works temporarily, it is a workaround/dirty fix and not a solution.

Upvotes: 0

evilSnobu

Reputation: 26424

openssl s_client -connect {StorageAccount}.blob.core.windows.net:443 \
                 -servername {StorageAccount}.blob.core.windows.net

says:

Certificate chain

 0 s:/CN=*.blob.core.windows.net
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation
     /OU=Microsoft IT/CN=Microsoft IT SSL SHA2

 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation
     /OU=Microsoft IT/CN=Microsoft IT SSL SHA2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

You're probably missing the Baltimore Root CA.

Probable causes:

  • The certificate is missing from your Node's CA bundle and chain verification fails. Not familiar with how Node handles its CA bundle, but it's worth doing the research.

  • There's something nosing into your TLS (Fiddler or some other man-in-the-middle TLS inspector)

A workaround using ssl-root-cas can be found here (if you're unable to track the root cause).

Upvotes: 2
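
An added example, not part of either answer: it parses the `Certificate chain` block that `openssl s_client` printed above and checks whether the root that chain ends in is among the CAs compiled into the running Node binary. The function names (`parseChain`, `commonName`, `analyzeChain`, `nodeRootCNs`) are hypothetical, and the parser assumes the slash-separated DN format shown in the answer.

```javascript
const tls = require('tls');
const { X509Certificate } = require('crypto');

// Chain text as printed in the answer above (wrapped DN lines included).
const SAMPLE = `Certificate chain
 0 s:/CN=*.blob.core.windows.net
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation
     /OU=Microsoft IT/CN=Microsoft IT SSL SHA2
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation
     /OU=Microsoft IT/CN=Microsoft IT SSL SHA2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root`;

// Returns [{depth, subject, issuer}], rejoining DNs wrapped onto a second line.
function parseChain(text) {
  const certs = [];
  let field = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    let m;
    if ((m = /^(\d+) s:(.*)$/.exec(line))) {
      certs.push({ depth: Number(m[1]), subject: m[2], issuer: '' });
      field = 'subject';
    } else if (certs.length && (m = /^i:(.*)$/.exec(line))) {
      certs[certs.length - 1].issuer = m[1];
      field = 'issuer';
    } else if (field && line.startsWith('/')) {
      certs[certs.length - 1][field] += line; // continuation of a wrapped DN
    } else {
      field = null;
    }
  }
  return certs;
}

function commonName(dn) {
  const m = /(?:^|[\/,\s])CN\s*=\s*([^\/,\n]+)/.exec(dn);
  return m ? m[1].trim() : null;
}
// linked: each issuer equals the next subject. anchor: root CN the client must trust.
function analyzeChain(certs, trustedRootCNs) {
  const linked = certs.every((c, i) =>
    i === certs.length - 1 || c.issuer === certs[i + 1].subject);
  const last = certs[certs.length - 1];
  const anchor = last ? commonName(last.issuer) : null;
  return { linked, anchor, anchorTrusted: trustedRootCNs.includes(anchor) };
}
// CNs of the root certificates compiled into this Node binary.
function nodeRootCNs() {
  return tls.rootCertificates
    .map((pem) => commonName(new X509Certificate(pem).subject)).filter(Boolean);
}
console.log(analyzeChain(parseChain(SAMPLE), nodeRootCNs()));
```

If `anchorTrusted` is false, adding the missing root through Node's `NODE_EXTRA_CA_CERTS` environment variable keeps verification on, unlike `strictSSL: false`; an `anchor` or intermediate name you do not recognise points to the TLS-inspection cause instead.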
