Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UNABLE_TO_GET_ISSUER_CERT_LOCALLY on web.sso.xx-xx.log while configuring SSO. #213

Open
cstisa opened this issue Jun 3, 2024 · 3 comments
Open

UNABLE_TO_GET_ISSUER_CERT_LOCALLY on web.sso.xx-xx.log while configuring SSO. #213

cstisa opened this issue Jun 3, 2024 · 3 comments

Comments

@cstisa
Copy link

cstisa commented Jun 3, 2024

Dear all,

We have installed the community server via docker using the workspace-install.sh script.
All is running but i am trying to configure the SSO via SAML using keycloak following this procedure ONLYOFFICE/ControlPanel#6

I have the follwing error on the sso log :

{"error":{"message":"request to https://onlyoffice-testdomain.tld/ssologin.ashx?config=saml failed, reason: unable to get local issuer certificate","type":"system","errno":"UNABLE_TO_GET_ISSUER_CERT_LOCALLY","code":"UNABLE_TO_GET_ISSUER_CERT_LOCALLY"},"level":"error","message":"uncaughtException: request to https://onlyoffice-test.domain.tld/ssologin.ashx?config=saml failed, reason: unable to get local issuer certificate\nFetchError: request to https://onlyoffice-test.domain.tls/ssologin.ashx?config=saml failed, reason: unable to get local issuer certificate\n    at ClientRequest.<anonymous> (/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js:1461:11)\n    at ClientRequest.emit (node:events:517:28)\n    at TLSSocket.socketErrorListener (node:_http_client:501:9)\n    at TLSSocket.emit (node:events:517:28)\n    at emitErrorNT (node:internal/streams/destroy:151:8)\n    at emitErrorCloseNT (node:internal/streams/destroy:116:3)\n    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)","stack":"FetchError: request to https://onlyoffice-test.domain.tld/ssologin.ashx?config=saml failed, reason: unable to get local issuer certificate\n    at ClientRequest.<anonymous> (/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js:1461:11)\n    at ClientRequest.emit (node:events:517:28)\n    at TLSSocket.socketErrorListener (node:_http_client:501:9)\n    at TLSSocket.emit (node:events:517:28)\n    at emitErrorNT (node:internal/streams/destroy:151:8)\n    at emitErrorCloseNT (node:internal/streams/destroy:116:3)\n    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)","exception":true,"date":"Mon Jun 03 2024 14:28:23 GMT+0000 (Coordinated Universal Time)","process":{"pid":2241,"uid":104,"gid":107,"cwd":"/var/www/onlyoffice/Services/ASC.SsoAuth","execPath":"/usr/bin/node","version":"v18.19.1","argv":["/usr/bin/node","/var/www/onlyoffice/Services/ASC.SsoAuth/app.js","UNIX.SERVER"],"memoryUsage":{"rss":107929600,"heapTotal":30453760,"heapUsed":28918456,"external":1277453,"arrayBuffers":77409}},"os":{"loadavg":[0.08,0.07,0.08],"uptime":347400.67},"trace":[{"column":11,"file":"/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js","function":null,"line":1461,"method":null,"native":false},{"column":28,"file":"node:events","function":"ClientRequest.emit","line":517,"method":"emit","native":false},{"column":9,"file":"node:_http_client","function":"TLSSocket.socketErrorListener","line":501,"method":"socketErrorListener","native":false},{"column":28,"file":"node:events","function":"TLSSocket.emit","line":517,"method":"emit","native":false},{"column":8,"file":"node:internal/streams/destroy","function":"emitErrorNT","line":151,"method":null,"native":false},{"column":3,"file":"node:internal/streams/destroy","function":"emitErrorCloseNT","line":116,"method":null,"native":false},{"column":21,"file":"node:internal/process/task_queues","function":"process.processTicksAndRejections","line":82,"method":"processTicksAndRejections","native":false}]}
{"message":"::ffff:127.0.0.1 - - [03/Jun/2024:14:29:23 +0000] \"POST /validatecerts HTTP/1.1\" - - \"-\" \"-\"","level":"info"}

I have setup HTTPS using a internal certificat and this is working well.

Maybe you have an idea on what is wrong here ?

Thank you

Best Regards, Edouard Fazenda.
@Carazyda
Copy link
Member

Carazyda commented Jun 3, 2024

Hello @cstisa Apparently your certificate is not signed by a root CA certificate. You can try this solution from the Internet
npm config set registry http://registry.npmjs.org/

@cstisa
Copy link
Author

cstisa commented Jun 3, 2024

Hello @Carazyda,

Thanks for the update, but not sure what this command do, could you please explain or give me the article from internet ?

Thanks a lot.

@Carazyda
Copy link
Member

Carazyda commented Jun 3, 2024

Try this in communityserver container and on the host. https://cheapsslweb.com/blog/fixing-unable-to-get-issuer-cert-locally-error/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Carazyda @cstisa