CODEWITHSUNDEEP
coinbase-api
JULIEN RZEZNIK
JULIEN RZEZNIK

Reputation: 93

UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when calling the Coinbase NODEJS API

Since yesterday 5:30 PM (Paris time), I get a UNABLE_TO_GET_ISSUER_CERT_LOCALLY when trying to list my accounts. I'm using the nodejs library, and it was working fine since several months.

The exact error from the client.getAccounts is :

{ Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1142:34)
    at TLSSocket.emit (events.js:188:13)
    at TLSSocket._finishInit (_tls_wrap.js:631:8) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }

Edit: I've just tried the same calls with the Python API, and it's working fine. So I feel like there is an issue currently with the Coinbase NodeJS API.

Upvotes: 8

Views: 5049

Answers (2)

hwertz
hwertz

Reputation: 293

"What are the security risks (if any) associated with setting strictSSL to false? How do you "export" the new SSL certificates?"

The connection is encrypted, and TLS prevents tampering, BUT with strictSSL set to false it's theoretically possible to do a MITM (Man In The Middle) attack, since the SSL certificate is not fully checked to make sure it's authentic, some hoser (the man in the middle) could use a fake certificate. I'd switch it to get going, but get new certificates going as soon as possible.

Upvotes: 2

user2249567
user2249567

Reputation: 384

According to Coinbase they updated their certificates at 10.30am PST yesterday. The node client has strictSSL set to true so requests will fail as the certificate chain fails.

Fix: when you initiate the client you can either set strictSSL to false or pass in the new valid certificates.

Set strictSSL to false:

var Client = require('coinbase').Client;
var client = new Client({
   apiKey: mykey, 
   apiSecret: mysecret,
   strictSSL: false
});

update cert files (you should be able to export them here - https://baltimore-cybertrust-root.chain-demos.digicert.com/ or try coinbase.com and export there):

var Client = require('coinbase').Client;
var client = new Client({
   apiKey: mykey, 
   apiSecret: mysecret,
   caFile: myNewCertFile
});

myNewCertFiles should follow this files format with the updated certs: https://github.com/coinbase/coinbase-node/blob/master/lib/CoinbaseCertStore.js

Upvotes: 17

Related Questions