Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Replies

Avatar

Avatar
Validate 1
Level 1
AlexSel
Level 1

Likes

0 likes

Total Posts

11 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
AlexSel
Level 1

Likes

0 likes

Total Posts

11 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
AlexSel
Level 1

16-05-2017

Hi Mark,

As far as I understand Node.js request module, you've mentionned, doesn't use the system certificates store, thus it is not obeing manually added root CA certificates.

Could you please suggest the best way to pass our company's root and intermediate certificates chain to the AEM Desktop App in order to try to avoid using strictSSL = false flag? Our internal root CA certificate is self-signed, that's probably why AEM Desktop App was throwing self-signed certificate error (cause of self-signed root in chain that server sends). I would like to force import / pass our root CA as trusted for AEM Desktop App.

From what I see it is possible to be done in request module, but this requires code changes in JS files and I'm not sure where to put it, etc... On other hand, it is not a good approach for future releases upgrade process to newest AEM Desktop App versions.

Please suggest the way to handle the case of custom made certificates with own root CA  (self-signed root in chain, intermediate cert and domain certificate with CN = hostname) which is not issued by any trusted parties. Is it possible to pass them to AEM Desktop App in any way so that they are treated like trusted? Do you have some strategy how this can be solved in next releases otherwise?

Avatar

Avatar
Validate 1
Level 1
AlexSel
Level 1

Likes

0 likes

Total Posts

11 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
AlexSel
Level 1

Likes

0 likes

Total Posts

11 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
AlexSel
Level 1

17-05-2017

Hi Mark,

We've changed the certificate to the one which is trusted (in all browsers and all tools that can verify it) and now we have another error in AEM Desktop App:

Error: unable to verify the first certificate at Error (native) at TLSSocket.<anonymous> (_tls_wrap.js:1060:38) at emitNone (events.js:86:13) at TLSSocket.emit (events.js:185:7) at TLSSocket._finishInit (_tls_wrap.js:584:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38)

Is it possible to use the following solution in AEM Desktop App (module ssl-root-cas) or do you recommend any other solution for this error?