TheHive: self signed certificate

Questions
1

Hi all!
I’ve tried some experiments with wonderful n8n and TheHive and got an error on the first stage.

My error is:

Error: TheHive error response [undefined]: self signed certificate

Yes, I am using SSC.
Could I bypass this restriction somehow?

2

Welcome to the community @Dmytro_Biletskyi

The HTTP library we use has a parameter called rejectUnauthorized . I believe that if this parameter is set to false your issue should be solved. Perhaps we expose that parameter in the credentials so that the user can active/deactivate depending on the use case.

3

Oh, thanks!
Could you please give some details on how to set rejectUnauthorized to false?

It will be wonderful if you’ll add ability to active/deactivate it using UI!

4

I’m running docker version

5

Ehm do I understand you correctly @Dmytro_Biletskyi that you are using TheHive node and not the HTTP Request node?

Because then it would not be possible yet and we would first have to add that option also to that node.

6

Yes, you are right
So, to disable SSL validation I should use ‘http request’ to thehive instance instead?

I am totally new to n8n, sorry for stupid questions:)

7

Because then it would not be possible yet and we would first have to add that option also to that node.
I think it will be very helpful for many users if this option will be added in future!

8

The HTTP Request node is not very helpful for you there. You would have to do then everything manually.

Yes, agree. We added it to our ToDo list as it should be very simple to implement.

9

wow, sounds great!
Waiting :slight_smile:

10

You could use NODE_EXTRA_CA_CERTS environment variable to trust the self signed cert, or NODE_TLS_REJECT_UNAUTHORIZED to disable validation from everything (not the preferred way though). I’m personally using the NODE_EXTRA_CA_CERTS with TheHive :slight_smile:

https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file
https://nodejs.org/api/cli.html#cli_node_tls_reject_unauthorized_value

1 Like
11

Thanks!
something like this?
https://docs.axway.com/bundle/API_Builder_4x_allOS_en/page/enable_additional_ca_certificates.html

12

I wouldn’t mess with the package.json like in that guide, but you need to create the file containing your own trusted certs (like in the guide’s step 1), and then mount it inside the docker container and set the environment variable, so this should work:

docker run -v /path/to/your/extra-ca-certs.pem:/extra-ca-certs.pem -e NODE_EXTRA_CA_CERTS=/extra-ca-certs.pem -p 5678:5678 n8nio/n8n
13

Could I use OpenSSL to generate required cert?

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

If not, could you please give a hint on how to do it

14

@Dmytro_Biletskyi Got added. Now there is a parameter called Ignore SSL issues in the credentials. We will let you know when it is released.

https://github.com/n8n-io/n8n/pull/1541

15

@RicardoE105 Is something similar available for the FTP node? I am basically getting the same error there, hence I can’t use the FTP as it has a self-signed certificate :confused:

16

Maybe the FTP library that we use behind the scene has a flag that allows doing so.

Please make a feature request and upvote it.

17

How to ignore such errors in “Read RSS” action in Docker instance of n8n?
screen_2023.08.29.001

18

Hey @liuwa,

Welcome to the community :raised_hands:

The RSS Feed node doesn’t have this option but we could add it fairly quickly. Generally it is best to open a new topic if your question is not related to the node being asked about or if the thread is older like this one.