node.js docker puppeteer

ERR_CERT_AUTHORITY_INVALID from Puppeteer running in Docker


I am using Puppeteer within a Docker container to connect to a website that uses its own SSL certificate. I have done the following setup steps:

  1. Install google-chrome-stable in my Docker image using the command recommended in the Puppeteer documentation.
  2. Install my certificates to /usr/local/share/ca-certificates in my Docker container.
  3. Point Puppeteer to use the installed version of Google Chrome when launching Puppeteer.
     await puppeteer.launch({ executablePath: '/usr/bin/google-chrome' })
  4. Attempt navigating to my page.
     await page.goto('https://my-page-url')

However, when this code runs in the Docker container I get the following error:

net:ERR_CERT_AUTHORITY_INVALID at https://my-page-url

The ERR_CERT_AUTHORITY_INVALID error indicates that Chrome is unable to verify the SSL certificate for the site I am trying to reach. How can I make this error go away? I have seen that there are Chrome options such as --ignore-certificate-errors, but I would rather have Chrome successfully connect to the site using the certificate.


Solution

  • According to this superuser post, Chrome does not use the OS certificate store and instead uses its own. Once I followed the recommended steps to set up my own certificate store, I was able to connect to my site successfully. The updates I made were as follows:

    1. Install libnss3-tools in my Docker image so that I can use the certutil tool. Documentation on the certutil tool can be found here.
    2. Initialize the cert database to be used by Chrome.
    # Create the NSS database in the SQL format that the import script opens with sql:
    RUN mkdir -p "$HOME"/.pki/nssdb && certutil -d sql:"$HOME"/.pki/nssdb -N

    3. Run the script to load the certs into the DB. Note that the script I used is a little different than the one in the superuser post.
    CERT_PATH=/usr/local/share/ca-certificates
    cd "$CERT_PATH"

    # Import each certificate, using its file name as the NSS nickname
    for i in *.crt ; do
      certutil -d sql:"$HOME"/.pki/nssdb -A -n "$i" -i "$CERT_PATH/$i" -t TCP,TCP,TCP
    done
    

    And to avoid any confusion, the TCP,TCP,TCP part has nothing to do with Transmission Control Protocol, it is the trust args for the cert where

    (refer to the certutil docs for -t argument).
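
A build-time check that the import above took effect, as an added example that is not part of the original answer: it reads the listing printed by `certutil -L` and fails if any expected nickname lacks the `C` flag (trusted CA for server certificates) in its SSL trust field. The function names, the nicknames and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's code). Function names are hypothetical.

# ssl_trust LISTING NICKNAME
# Prints the SSL trust field (first of SSL,S/MIME,JAR/XPI) recorded for
# NICKNAME in the text printed by `certutil -L`; prints nothing if absent.
ssl_trust() {
  printf '%s\n' "$1" | awk -v nick="$2" '
    NF >= 2 {
      attrs = $NF                              # last field, e.g. CT,C,C
      name = $0
      sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)    # drop the trust column
      if (name == nick) { split(attrs, f, ","); print f[1]; exit }
    }'
}

# check_nss_trust LISTING NICKNAME...
# Returns 0 only if every nickname is listed with "C" in its SSL field;
# names each one that is missing or untrusted on stderr.
check_nss_trust() {
  listing=$1; shift
  rc=0
  for nick in "$@"; do
    case $(ssl_trust "$listing" "$nick") in
      *C*) ;;
      *) echo "not trusted for TLS in NSS DB: $nick" >&2; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample of `certutil -L` output: one trusted CA, one entry
# that was added without any trust flags.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

internal-root.crt                                            CT,C,C
staging-ca.crt                                               ,,
'

check_nss_trust "$SAMPLE_LISTING" internal-root.crt && echo "internal-root.crt: trusted"

# In the image build, after the import loop (certutil comes from libnss3-tools):
#   cd /usr/local/share/ca-certificates
#   check_nss_trust "$(certutil -L -d sql:"$HOME"/.pki/nssdb)" *.crt
```

Running this as the last build step makes a failed or skipped import break the image build instead of surfacing later as ERR_CERT_AUTHORITY_INVALID at navigation time.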