TheHive: self signed certificate

Dmytro_Biletskyi · 14 February 2021 20:57

Hi all!
I’ve tried some experiments with wonderful n8n and TheHive and got an error on the first stage.

My error is:

Error: TheHive error response [undefined]: self signed certificate

Yes, I am using SSC.
Could I bypass this restriction somehow?

RicardoE105 · 15 February 2021 02:58

Welcome to the community @Dmytro_Biletskyi

The HTTP library we use has a parameter called rejectUnauthorized . I believe that if this parameter is set to false your issue should be solved. Perhaps we expose that parameter in the credentials so that the user can active/deactivate depending on the use case.

Dmytro_Biletskyi · 15 February 2021 07:25

Oh, thanks!
Could you please give some details on how to set rejectUnauthorized to false?

It will be wonderful if you’ll add ability to active/deactivate it using UI!

Dmytro_Biletskyi · 15 February 2021 09:29

I’m running docker version

jan · 15 February 2021 14:50

Ehm do I understand you correctly @Dmytro_Biletskyi that you are using TheHive node and not the HTTP Request node?

Because then it would not be possible yet and we would first have to add that option also to that node.

Dmytro_Biletskyi · 15 February 2021 15:13

Yes, you are right
So, to disable SSL validation I should use ‘http request’ to thehive instance instead?

I am totally new to n8n, sorry for stupid questions:)

Dmytro_Biletskyi · 15 February 2021 16:15

Because then it would not be possible yet and we would first have to add that option also to that node.
I think it will be very helpful for many users if this option will be added in future!

jan · 15 February 2021 18:31

The HTTP Request node is not very helpful for you there. You would have to do then everything manually.

Yes, agree. We added it to our ToDo list as it should be very simple to implement.

Dmytro_Biletskyi · 15 February 2021 18:55

wow, sounds great!
Waiting

mluhta · 15 February 2021 20:08

You could use NODE_EXTRA_CA_CERTS environment variable to trust the self signed cert, or NODE_TLS_REJECT_UNAUTHORIZED to disable validation from everything (not the preferred way though). I’m personally using the NODE_EXTRA_CA_CERTS with TheHive

Dmytro_Biletskyi · 15 February 2021 21:25

Thanks!
something like this?

mluhta · 15 February 2021 21:33

I wouldn’t mess with the package.json like in that guide, but you need to create the file containing your own trusted certs (like in the guide’s step 1), and then mount it inside the docker container and set the environment variable, so this should work:

docker run -v /path/to/your/extra-ca-certs.pem:/extra-ca-certs.pem -e NODE_EXTRA_CA_CERTS=/extra-ca-certs.pem -p 5678:5678 n8nio/n8n

Dmytro_Biletskyi · 16 February 2021 05:56

Could I use OpenSSL to generate required cert?

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

If not, could you please give a hint on how to do it