Hipchat Beta API v2 errors with self signed certificate about hipchatter HOT 7 OPEN

Cool, I actually don't have access to the HipChat Beta yet. :/
CC @terinjokes who generously supplied the first pull request dealing with it. Perhaps he can help you out?

from hipchatter.

@hawmps Out of curiosity, did you upload just the private key + cert, or did you also upload the intermediate chain from your issuer? I suspect the former, which is why you're not getting a valid chain back. Does the official HipChat clients not give you similar errors? (Our instance has a valid chain)

@charltoons As for the addressing the feature request, needle supports the node standard rejectUnauthorized option, which can be set to false. If the user sets a custom endpoint, you may be interested in allowing the user to set this. I, personally, would be a bit hesitant about allowing it for the default https://api.hipchat.com/v2/ endpoint.

from hipchatter.

@terinjokes Awesome. Thanks for the advice, I'll look into that.

from hipchatter.

@terinjokes

1. I don't get any errors from clients
2. I think the problem is not on the hipchat side, its that the ca option for https uses just the mozilla list. Becuase we have our own internal root CA, node js does not trust the certificate on hipchat.
3. Rather than disable rejectUnauthorised , hipchatter should allow an option for ca to be passed in. I don't actually know what the correct option should be or where the keystore should be located. (EG can node read from window certificate store?)

from hipchatter.

@hawmps Node expects an array of certificates to use the certificate store, it won't use the Windows store by default, and you'll have to figure out how to query that yourself.

from hipchatter.

Thanks @terinjokes

@charltoons Do you think that rejectUnauthorized be left alone, and instead allow the ca option to be passed through to needle? The user can then supply their own argument, rather than building that functionality into hipchatter. It's such an edgecase - a windows enterprise shop that uses their own RootCA, hipchat and nodejs :)

from hipchatter.

@hawmps I'm not sure right now. I'm on a mac without access to HipChat hosted right now, so it might take me a while to do some research into this.

from hipchatter.