pact-js-core: Pact-broker behind reverse proxy - Unable to publish and verify provider

I have set up pact broker behind a reverse proxy. Getting error while trying to publish and verify the pact. The same works with non-ssl URL

Pact publish error log :

Could not publish pact:
    Error making request - OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed /Users/loheswaran_g/Work/wag-src-repo/fork/boilerplate/react-ui-boilerplate/node_modules/@pact-foundation/pact-node/standalone/darwin-1.43.1/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.14.1/lib/pact_broker/client/pacts.rb:35:in `get', attempt 1 of 3

Pact verify provider error log :

Error: the string "Unable to find pacts for given provider 'APIHealthCheckService' and tags ''" was thrown, throw an Error :)
      at tryCatch (node_modules/es6-promise/dist/lib/es6-promise/-internal.js:188:12)
      at invokeCallback (node_modules/es6-promise/dist/lib/es6-promise/-internal.js:203:13)
      at publish (node_modules/es6-promise/dist/lib/es6-promise/-internal.js:177:7)
      at publishRejection (node_modules/es6-promise/dist/lib/es6-promise/-internal.js:118:3)
      at flush (node_modules/es6-promise/dist/lib/es6-promise/asap.js:92:5)
      at _combinedTickCallback (internal/process/next_tick.js:73:7)
      at process._tickCallback (internal/process/next_tick.js:104:9)

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 17 (12 by maintainers)

Most upvoted comments

What worked for me:

To publish with pact-node or pact-js do the following:

Download your certificate chain that your broker is using. If pulled right out of chrome you will most likely have .cer files.

For example:

  • root.cer
  • intermediate.cer
  • ssl_certificate.cer

Convert those .cer files to .crt files by doing:

  • $ openssl x509 -inform DER -in root.cer -out root.crt
  • $ openssl x509 -inform DER -in intermediate.cer -out intermediate.crt
  • $ openssl x509 -inform DER -in ssl_certificate.cer -out ssl_certificate.crt

Then for ruby to recognize it properly it must be a bundle, so let’s bundle these together similar to the ca-bundle.crt

  • $ cat root.crt intermediate.crt ssl_certificate.crt > ca-bundle.crt

Now within your javascript you must set the SSL_CERT_FILE that the standalone mentions. Make sure the certPath variable resolves to the correct path:

const path = require("path");
const publisher = require("@pact-foundation/pact-node");

const certPath = path.resolve(__dirname, "../ca-bundle.crt");
console.log(certPath);
process.env.SSL_CERT_FILE = certPath;

const opts = {
  providerBaseUrl: "/",
  pactFilesOrDirs: [path.resolve(process.cwd(), "pacts")],
  pactBroker: "<your_https_broker_url>",
  consumerVersion: "1.0.0"
};

publisher.publishPacts(opts).then(() => console.log("Pacts successfully published"));
+2
mstelz on Sep 18, 2019

Which takes me back to my original comment. This is a node TLS configuration, I haven’t tested myself but in theory adding your CA and/or self-signed certificate to the NodeJS runtime configuration should be all that is required.

+1
mefellows on May 23, 2018
Read more comments on GitHub
← pact-js-core: npm install should fail if download standalone fail
pact-jvm: AmqpTarget doesn't find @PactVerifyProvider annotation →