How to trust VGS certificate for OUTBOUND requests?

Context
When attempting to send a request from your server to VGS, you may receive "Error: self signed certificate in certificate chain" in response. If you get an error about a self signed certificate, then you'll need to trust the VGS certificate on your server.

Firefox is known to allow you to add your own certificates, while other browsers use the operating system's certificates. This means your programming language that you implement your code in will need to add the certificate to your trusted certificates to avoid this error. When subject and issuer (see image below) are the same this is called self-signed, VGS provides a self-signed certificate (sandbox.pem and live.pem) to verify the request is coming from a valid system.

Browser example of subject and issuer where the certificate is not the same (not self-signed).
browser-example.png

VGS self-signed certificates (sandbox.pem and live.pem).
code-snippets.png

Documentation
From the VGS Dashboard go to the Code snippets section to access your vault's example with the VGS self-signed certificates.
https://www.verygoodsecurity.com/docs/code-samples


VGS Example
Please review how to add the self-signed certificates using environmental variables with a Node.js server. You'll see the .env file will require setting NODE_EXTRA_CA_CERTS=sandbox.pem in order to access the certificate within your code like process.env.NODE_EXTRA_CA_CERTS.
https://github.com/verygoodsecurity/vgs-node-js-redact-reveal-server

Can also see how this is noted in the Node.js documentation of adding additional certificates to your application.
https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.