Unsupported certificate purpose error with nodejs 10

173
May 23, 2019, at 11:40 PM

After upgrade from nodejs 9.11.2 to 10.15.3 on centos 7.5 certificates that signed by local CA stoped to work and failing on "unsupported certificate purpose" error.

Background: I have a cluster, the group of hosts that communicates with each other based on certificate authentication. All operations in the cluster pass through the master host (the host that you connected to, through the GUI), the master functions as gateway to the other hosts in a cluster and to itself . When I add ether new host or master to a cluster, the request passes from the GUI through the master to the new host or to the master itself. Each host acts both as server and client.

When I upgrade hosts to nodejs 10 version, the connection between the hosts is failing on "unsupported certificate purpose" error. Back to nodejs 9 works good.

Do you know any certificates restrictions in v10?

CA certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1557985050622892742 (0x159f132623bf1ac6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=max-ca-creator, C=US
        Validity
            Not Before: May 16 05:37:30 2019 GMT
            Not After : May 13 05:37:30 2029 GMT
        Subject: CN=max-ca-creator, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d8:99:07:f0:7e:49:60:cb:40:f3:f4:c5:9b:24:
                    a9:46:18:6b:e6:c5:cb:a9:df:1c:c5:f9:45:bb:56:
                    fc:79:5b:85:16:46:79:73:45:a9:6a:3a:aa:ee:e7:
                    75:a0:a6:22:32:a0:1f:19:f4:2d:03:f9:61:dd:30:
                    1b:f9:9e:82:68:5a:06:f1:f1:c3:09:ac:85:96:ea:
                    b9:b9:df:12:3b:c1:27:e4:85:87:81:82:c0:b1:08:
                    ed:9b:c0:37:b2:3c:d1:92:df:11:63:ad:45:2d:2c:
                    28:72:50:e4:c2:4e:bb:83:fb:07:b9:7b:59:15:9e:
                    77:62:8c:e2:fb:aa:f5:66:91:58:b3:b5:60:d2:82:
                    81:1e:b6:3d:71:a0:76:f9:f6:f6:b3:19:b0:c7:e0:
                    13:52:4a:60:8f:9a:71:7f:ce:e8:4e:90:47:f3:f2:
                    1f:fc:61:15:47:7c:4c:a3:3b:16:0b:19:5c:22:a3:
                    73:5c:04:49:08:bb:eb:7e:d1:45:8f:a9:f7:e5:28:
                    e0:0c:43:24:36:07:02:76:4f:f0:a7:e6:b8:e1:0f:
                    d0:5a:1b:73:9c:a8:1f:f6:7d:25:11:16:24:17:15:
                    5e:12:c2:cb:8e:a5:2d:3c:e2:d7:a4:fc:65:c1:cf:
                    3f:b8:e9:3b:a6:ba:36:49:5c:4f:fa:f2:a8:80:9d:
                    26:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                OCSP Signing
            X509v3 Subject Key Identifier: 
                9E:1A:02:D0:F9:02:66:CE:3E:28:97:3C:09:40:CF:F9:5B:54:2A:84
            X509v3 Authority Key Identifier: 
                keyid:9E:1A:02:D0:F9:02:66:CE:3E:28:97:3C:09:40:CF:F9:5B:54:2A:84
                DirName:/CN=max-ca-creator/C=US
                serial:15:9F:13:26:23:BF:1A:C6
    Signature Algorithm: sha256WithRSAEncryption
         0a:9a:e0:0b:dd:d1:b8:82:69:04:0e:05:ae:c4:ac:f7:d9:94:
         55:bf:32:df:bc:f1:4f:7b:b3:59:7f:ea:e6:a6:d4:dd:19:e1:
         c5:06:b3:a2:69:49:5c:ab:ee:77:e8:09:42:3f:d4:8d:92:78:
         1d:27:69:50:69:62:b3:bb:d3:2f:02:f2:55:d2:1c:19:ce:a4:
         6a:06:37:1b:f6:21:63:cd:0c:93:11:5d:14:00:1f:22:ce:2e:
         75:03:33:0b:ad:4a:9a:85:60:c0:94:cd:45:89:94:06:36:4c:
         10:5d:45:4a:ca:29:3a:2c:c7:f5:ed:35:4e:f3:7c:05:48:74:
         5c:c6:e7:2b:20:19:99:96:f2:9a:02:53:f1:4f:fd:37:77:f6:
         b7:a5:f5:fc:97:9f:da:70:7e:e2:21:7a:9f:e3:5b:9f:62:03:
         97:42:7b:b4:25:66:73:06:91:88:59:6a:33:08:7b:2a:af:ff:
         c2:be:78:e4:15:4f:4e:9b:ca:da:fd:2c:cd:1d:41:5d:3c:69:
         ac:ac:b0:fb:d0:b8:55:d1:fa:4a:5d:cc:03:1f:00:c1:80:4d:
         99:eb:e4:ad:1c:ba:c6:7c:db:d6:bd:89:c8:05:ba:a3:ec:ab:
         f4:b8:a9:8e:70:42:99:48:4c:e4:8c:20:c4:a4:e7:45:32:06:
         ef:02:67:b4

Signed certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1558543969701986830 (0x15a10f7ba0ea020e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=max-ca-creator, C=US
        Validity
            Not Before: May 22 16:52:49 2019 GMT
            Not After : May 11 16:52:49 2029 GMT
        Subject: C=IL, ST=Israel, L=Herzeliya, O=NetApp.com, OU=IT Department, CN=vsadmin/emailAddress=support@netapp.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bc:dd:6a:6a:f4:ed:79:69:c3:fd:71:d5:35:dc:
                    6a:5c:50:7e:47:c7:bd:36:89:60:b3:e7:b0:16:0b:
                    d8:d6:e2:bf:98:77:12:37:3e:0a:6f:6b:17:f9:9b:
                    a7:c6:97:c6:43:a5:05:e7:73:9a:55:4d:13:05:e3:
                    60:df:69:c5:21:ef:89:5c:e3:76:b3:00:02:f5:a1:
                    97:99:db:07:90:3b:8e:28:51:df:f1:81:0f:d7:b8:
                    b8:23:2b:15:c6:fe:74:df:14:58:e1:20:48:7e:76:
                    da:29:25:9c:9e:85:f2:7d:c2:43:0f:2f:d3:d8:55:
                    40:ab:e6:96:e0:dd:12:01:0e:33:4d:ae:b1:0d:c8:
                    43:85:43:d8:fe:85:f3:9d:c9:d0:7e:89:17:f6:9b:
                    2f:99:5c:4c:4b:34:86:2b:52:97:5e:03:75:99:9d:
                    4b:77:09:28:97:67:87:2b:74:15:69:ed:d2:c2:dd:
                    3e:0f:0a:65:f8:f9:78:04:f6:ef:8e:eb:16:73:de:
                    f6:85:e6:ae:34:3c:ff:93:f7:9b:4d:d7:de:26:d8:
                    b7:75:60:7c:ea:55:e2:e1:80:04:d0:10:07:7e:e2:
                    97:dd:5f:ee:39:1c:ca:d9:58:55:b8:6e:92:03:1e:
                    db:1c:57:ab:f3:24:d6:b2:3c:5f:b7:08:3c:dc:68:
                    57:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:cluster-centos03.plexistor.com, IP Address:10.68.216.123
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                CA:18:61:1C:58:97:E7:79:FE:5F:5E:36:83:88:A4:BE:2C:C3:41:FE
            X509v3 Authority Key Identifier: 
                keyid:9E:1A:02:D0:F9:02:66:CE:3E:28:97:3C:09:40:CF:F9:5B:54:2A:84
    Signature Algorithm: sha256WithRSAEncryption
         c4:18:74:53:12:71:87:2f:29:6a:79:d6:2f:80:42:13:b2:f1:
         93:b3:f2:2e:99:60:25:d3:82:db:73:2b:39:74:70:fb:67:5b:
         f3:c8:a9:03:e8:9f:f0:f3:aa:e4:54:58:93:d5:33:21:57:2d:
         1e:31:a3:fc:3a:60:93:38:7a:58:e1:15:f0:10:eb:b5:32:64:
         ec:56:99:f7:87:d7:df:fd:ee:a0:4a:79:3d:d6:57:bf:4f:37:
         27:56:a5:4e:0a:b3:d7:17:49:cc:26:86:17:61:4e:55:e3:d7:
         ee:f1:2c:cf:19:50:4d:98:c0:17:c9:ca:4b:cc:ee:02:92:a7:
         4c:50:b9:d5:3f:56:92:59:d4:60:f5:06:a5:89:89:f7:2a:a5:
         fe:71:f5:c0:49:7d:c7:02:8e:77:2f:6e:85:a1:4b:98:68:77:
         3f:52:aa:c6:e3:1b:48:1d:e5:21:d2:77:1c:b0:90:e5:bf:f6:
         0d:10:df:ba:b7:70:55:65:4b:6b:32:37:9e:fe:6f:55:de:91:
         82:0b:ac:c8:9a:4b:b1:b0:14:00:96:c3:36:a4:7b:9e:20:c4:
         75:67:fe:1b:56:ad:39:60:04:e6:e8:fd:95:62:5b:5b:4f:04:
         e4:20:e9:22:26:85:1f:e1:0a:97:0e:ae:53:71:2c:60:e9:3b:
         d4:d1:23:6a
LAST QUESTIONS
All questions
POPULAR ONLINE
jQuery Categories

Babel presets not loading in webpack 2 with dev-server (Unexpected token in CSSPropertyOperations)

Dropwizard - jax-rs Response with string as entity is returning expected 'u' instead of 'e'

Requested setting DATABASES, but settings are not configured error in my Django project

How to display a php string in a specified format

Android emulator on AMD Phenom X4 965 BE or some replacement

READ ALSO
docker-compose rabbitmq service ports overwrite my node express ports
Node.js

docker-compose rabbitmq service ports overwrite my node express ports

I have a docker-compose file like:

 124
Deploying Gatsby static assets on an Express server
Node.js

Deploying Gatsby static assets on an Express server

I'm fairly new to Gatsby and React, but I'm looking to deploy the static assets generated by a Gatsby build on an Express serverIf I import the Public folder generated by 'gatsby build' into the server directory, and use the following code:

 130
Internal server error when deployed to Heroku
Node.js

Internal server error when deployed to Heroku

I am receiving an internal server error now that my app is deployed to herokuAll was working fine locally

 181
Nodejs await for multiple database calls
Node.js

Nodejs await for multiple database calls

I'm trying to construct a response in which two database calls are requiredCurrently I'm having trouble with Node

 136