TheHive: self signed certificate

Dmytro_Biletskyi · February 14, 2021, 8:57pm

Hi all!
I’ve tried some experiments with wonderful n8n and TheHive and got an error on the first stage.

My error is:

Error: TheHive error response [undefined]: self signed certificate

Yes, I am using SSC.
Could I bypass this restriction somehow?

RicardoE105 · February 15, 2021, 2:58am

Welcome to the community @Dmytro_Biletskyi

The HTTP library we use has a parameter called rejectUnauthorized . I believe that if this parameter is set to false your issue should be solved. Perhaps we expose that parameter in the credentials so that the user can active/deactivate depending on the use case.

Dmytro_Biletskyi · February 15, 2021, 7:25am

Oh, thanks!
Could you please give some details on how to set rejectUnauthorized to false?

It will be wonderful if you’ll add ability to active/deactivate it using UI!

Dmytro_Biletskyi · February 15, 2021, 9:29am

I’m running docker version

jan · February 15, 2021, 2:50pm

Ehm do I understand you correctly @Dmytro_Biletskyi that you are using TheHive node and not the HTTP Request node?

Because then it would not be possible yet and we would first have to add that option also to that node.

Dmytro_Biletskyi · February 15, 2021, 3:13pm

Yes, you are right
So, to disable SSL validation I should use ‘http request’ to thehive instance instead?

I am totally new to n8n, sorry for stupid questions:)

Dmytro_Biletskyi · February 15, 2021, 4:15pm

Because then it would not be possible yet and we would first have to add that option also to that node.
I think it will be very helpful for many users if this option will be added in future!

jan · February 15, 2021, 6:31pm

The HTTP Request node is not very helpful for you there. You would have to do then everything manually.

Yes, agree. We added it to our ToDo list as it should be very simple to implement.

Dmytro_Biletskyi · February 15, 2021, 6:55pm

wow, sounds great!
Waiting

mluhta · February 15, 2021, 8:08pm

You could use NODE_EXTRA_CA_CERTS environment variable to trust the self signed cert, or NODE_TLS_REJECT_UNAUTHORIZED to disable validation from everything (not the preferred way though). I’m personally using the NODE_EXTRA_CA_CERTS with TheHive

Dmytro_Biletskyi · February 15, 2021, 9:25pm

Thanks!
something like this?

mluhta · February 15, 2021, 9:33pm

I wouldn’t mess with the package.json like in that guide, but you need to create the file containing your own trusted certs (like in the guide’s step 1), and then mount it inside the docker container and set the environment variable, so this should work:

docker run -v /path/to/your/extra-ca-certs.pem:/extra-ca-certs.pem -e NODE_EXTRA_CA_CERTS=/extra-ca-certs.pem -p 5678:5678 n8nio/n8n

Dmytro_Biletskyi · February 16, 2021, 5:56am

Could I use OpenSSL to generate required cert?

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

If not, could you please give a hint on how to do it

RicardoE105 · March 16, 2021, 2:04am

@Dmytro_Biletskyi Got added. Now there is a parameter called Ignore SSL issues in the credentials. We will let you know when it is released.