Security Certificate Issue

[agrover8]

Hi,
I am getting Uncaught AssertionError: expected [Error: self signed certificate] to equal error in ABAO as my API's is using secured certificate. Is there any way in ABAO if I can pass the security certificate file?

[plroebuck]

How would you define your test if all you had was curl?
If you can describe your use-case, maybe I can come up with something...
Otherwise, wondering if this isn't something you can already do with HTTP headers...

[itafroma]

Hi @plroebuck, one use case for this is running Abao on a local development environment, where you may need to use a self-signed certificate for logistical reasons or convenience. If I had to define the test via cURL, I'd use its -k/--insecure insecure option on the command line or set the CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 if I were using libcurl.

[plroebuck]

If the idea is to do insecure testing, would this work?

$ env NODE_TLS_REJECT_UNAUTHORIZED=0 abao api.raml --server localhost:8181

[itafroma]

That totally works, thanks!

[plroebuck]

@agrover8, does the workaround above address your issue? Still need a real longterm solution, but we can document this as stand-in procedure until then...

[gbarker]

@plroebuck the use case is one where the server is secured using Mutual TLS. So a specific cert needs to be passed by the client. Curl handles it with the --cert option. Here is a description of how it works with curl: http://callistaenterprise.se/blogg/teknik/2011/04/04/curl-mutual-authentication-and-web-services/