deno: an error occurred trying to connect: invalid certificate: UnknownIssuer

Hi,

Just installed deno and try to run welcome.ts file which is mentioned in docs, i am facing this issue. Details are below.

D:\deno>deno run https://deno.land/welcome.ts
Downloading https://deno.land/welcome.ts
WARN RS - Sending fatal alert BadCertificate
an error occurred trying to connect: invalid certificate: UnknownIssuer
an error occurred trying to connect: invalid certificate: UnknownIssuer

D:\deno>deno version
deno: 0.4.0
v8: 7.6.53
typescript: 3.4.1

Anybody faced this issue.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 12
  • Comments: 31 (12 by maintainers)

Commits related to this issue

Most upvoted comments

The --cert flag has fixed my issue (i.e., corporate environment with transparent proxies and self signed certificates).

> deno --version
deno 1.0.0-rc1
v8 8.2.308
typescript 3.8.3

> deno run --cert corporate.pem https://deno.land/std/examples/welcome.ts
Download https://deno.land/std/examples/welcome.ts
Compile https://deno.land/std/examples/welcome.ts
Welcome to Deno 🦕
+10
tdillon on May 7, 2020

I’m in a corporate environment with transparent proxies and self signed certificates. Some way of adding a trusted cert or ignoring invalid certs would be helpful.

$ deno -v
deno: 0.23.0
v8: 7.9.317.12
typescript: 3.6.3

$ deno https://deno.land/std/examples/welcome.ts
Download https://deno.land/std/examples/welcome.ts
WARN RS - rustls::session:815 - Sending fatal alert BadCertificate
https://deno.land/std/examples/welcome.ts: error trying to connect: invalid certificate: UnknownIssuer
+9
tdillon on Nov 7, 2019

for corporate/mitm certs, you can also consider DENO_TLS_CA_STORE=mozilla,system (or just ...=system) option.

+5
rinsuki on Jun 16, 2022

I’m trying to use Deno to write a Kubernetes API client. Almost all Kubernetes servers use a self-signed ca setup, so this feature is crucial. Is this coming anytime soon?

I think this should be straight-forward to add --cert flag to load additional certificate to HTTP client. I can take a look at that

+3
bartlomieju on Dec 4, 2019

Same error, can’t connect to PostgreSQL on Linode VPS, the PostgreSQL is on the same host.

I fixed it by using 127.0.0.1 instead of localhost in PostgreSQL connection URL. Maybe caused by how localhost resolved by linode or something like that…

InvalidData: invalid certificate: UnknownIssuer
    at deno:core/core.js:86:46
    at unwrapOpResult (deno:core/core.js:106:13)
    at async write (deno:runtime/js/12_io.js:107:12)
    at async writeAll (https://deno.land/std@0.93.0/io/util.ts:79:17)
    at async BufWriter.flush (https://deno.land/std@0.93.0/io/bufio.ts:470:7)
    at async Connection.sendStartupMessage (https://deno.land/x/postgres@v0.11.2/connection/connection.ts:239:5)
    at async Connection.startup (https://deno.land/x/postgres@v0.11.2/connection/connection.ts:296:32)
    at async Pool.#createConnection (https://deno.land/x/postgres@v0.11.2/pool.ts:119:5)
    at async DeferredStack.pop (https://deno.land/x/postgres@v0.11.2/connection/deferred.ts:31:14)
    at async Pool.connect (https://deno.land/x/postgres@v0.11.2/pool.ts:112:24)
+2
al6x on May 31, 2021

Related/Duplicate of #1371?

+2
tdillon on Feb 3, 2020
Read more comments on GitHub
← deno: `AbortSignal.reason` not available in `lib.dom.d.ts`
deno: Argument of type 'string | URL' is not assignable to parameter of type 'string' →