Expected behavior
Please describe here the behavior you are expecting.
To be able to key in my password to Unlock your Data
Actual behavior
What is the current behavior?
Able to log in to forestadmin but not able to unlock my data.
Error: Authorization error: Forest server request error: self signed certificate in certificate chain
Failure Logs
Please include any relevant log snippets, if necessary.
Forest error log during “unlock your data”
[forest] 🌳🌳🌳 Authorization error: Forest server request error: self signed certificate in certificate chain
VError: Forest server request error: self signed certificate in certificate chain
at /usr/src/app/node_modules/forest-express/dist/services/forest-server-requester.js:48:23
at Request.callback (/usr/src/app/node_modules/superagent/lib/node/index.js:893:3)
at ClientRequest.<anonymous> (/usr/src/app/node_modules/superagent/lib/node/index.js:810:12)
at ClientRequest.emit (events.js:198:13)
at ClientRequest.EventEmitter.emit (domain.js:448:20)
at TLSSocket.socketErrorListener (_http_client.js:401:9)
at TLSSocket.emit (events.js:198:13)
at TLSSocket.EventEmitter.emit (domain.js:448:20)
at emitErrorNT (internal/streams/destroy.js:91:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
at process._tickCallback (internal/process/next_tick.js:63:19)
We are using a Fortinet firewall in our company, and because the Let’s Encrypt Root CA expired on 30 Sep, our firewall device automatically invalidates the cert chain and replaces it with a self-signed cert.
Reason: The issue being seen by Fortinet customers is due to Fortinet devices validating the full chain of trust and then invalidating the chain when it sees that the CA IdenTrust DST Root CA X3 is expired, even though the cross-signed ISRG Root X1 root is valid for longer.
https://www.fortinet.com/blog/psirt-blogs/fortinet-and-expiring-lets-encrypt-certificates
openssl s_client -connect api.forestadmin.com:443
CONNECTED(00000003)
depth=1 C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = FG200E4Q17902931, emailAddress = support@fortinet.com
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = FG200E4Q17902931, emailAddress = support@fortinet.com
verify return:1
depth=0 CN = api.forestadmin.com
verify return:1
---
Certificate chain
0 s:CN = api.forestadmin.com
i:C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = FG200E4Q17902931, emailAddress = support@fortinet.com
1 s:C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = FG200E4Q17902931, emailAddress = support@fortinet.com
i:C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = FG200E4Q17902931, emailAddress = support@fortinet.com
---
Outside my company firewall, I am able to see that the cert chain has expired for api.forestadmin.com
openssl s_client -connect api.forestadmin.com:443 -servername api.forestadmin.com
CONNECTED(00000006)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
0 s:/CN=api.forestadmin.com
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Context
Please provide any relevant information about your setup.
- Package Version: 6.7.2
- Express Version: 4.17.1
- Sequelize Version:
- Database Dialect:
- Database Version:
- Project Name:
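
An added example (not part of the original post or of Forest Admin's code): a small Node.js parser for `openssl s_client` output like the two runs above. It tells apart a chain replaced in transit by an inspecting firewall from a served chain that still includes the expired DST Root CA X3. The helper name `analyzeSClient` and the expected leaf issuer CN `R3` (taken from the outside-firewall run) are assumptions, and the sample transcripts are trimmed from the post.

```javascript
'use strict';
// Samples trimmed from the two `openssl s_client` runs quoted in the post.
const FORTI = 'C = US, O = Fortinet, OU = Certificate Authority, CN = FG200E4Q17902931';
const INSIDE = `depth=1 ${FORTI}
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:CN = api.forestadmin.com
   i:${FORTI}
 1 s:${FORTI}
   i:${FORTI}
---`;
const OUTSIDE = `depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
---
Certificate chain
 0 s:/CN=api.forestadmin.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---`;

// Pull the CN out of either DN layout ("CN = x, ..." or "/CN=x/...").
const cn = (dn) => (/CN\s*=\s*([^,\/]+)/.exec(dn) || [null, dn])[1].trim();

// Hypothetical helper: classify one s_client transcript against the issuer CN we expect.
function analyzeSClient(text, expectedLeafIssuerCN) {
  const chain = [];
  const errors = new Set(); // verify error numbers, de-duplicated
  for (const line of text.split('\n')) {
    let m;
    if ((m = /^verify error:num=(\d+):/.exec(line))) errors.add(Number(m[1]));
    else if ((m = /^\s*\d+\s+s:(.*)$/.exec(line))) chain.push({ subject: cn(m[1]) });
    else if ((m = /^\s*i:(.*)$/.exec(line)) && chain.length) chain[chain.length - 1].issuer = cn(m[1]);
  }
  const leafIssuer = chain.length ? chain[0].issuer : null;
  const top = chain[chain.length - 1] || {};
  let diagnosis = 'no-verify-error';
  if (leafIssuer !== expectedLeafIssuerCN) diagnosis = 'chain-replaced-in-transit';
  else if (errors.has(10)) diagnosis = 'expired-cert-in-served-chain';
  else if (errors.has(19)) diagnosis = 'untrusted-root';
  return { diagnosis, leafIssuer, selfSignedTop: top.subject === top.issuer, errors: [...errors] };
}

console.log(analyzeSClient(INSIDE, 'R3'));
console.log(analyzeSClient(OUTSIDE, 'R3'));
```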