SSL certificate rejected, OK on Browser

[davidebaldini]

This testcase produces: err: Error: unable to verify the first certificate

"use strict";

const request = require("request");

(() => {
    request({
        url: "https://www.opl.co.il/",
        method: 'GET',
        timeout: 30000,
    }, function (err, res) {
        console.log("res: " + res);
        console.log("err: " + err);
    });
})();

I also tried with this, with the same outcome:

"use strict";

const request    = require("request"),
      syswidecas = require("syswide-cas"),
      sslRootCAs = require("ssl-root-cas/latest");

(() => {
    // add SSL certificates
    sslRootCAs.inject();
    syswidecas.addCAs("/etc/ssl/certs/");

    request({
        url: "https://www.opl.co.il/",
        method: 'GET',
        timeout: 30000,
    }, function (err, res) {
        console.log("res: " + res);
        console.log("err: " + err);
    });
})();

Firefox recognizes fine the SSL certificate of https://www.opl.co.il/; the great majority of other websites I tried work fine with both scripts above.

Environment:

nodejs v8.11.2
Debian

[sam-github]

You'll hav to find the CA for that site, wget doesn't recognize it either, on my system:

% wget https://www.opl.co.il
--2018-12-18 09:12:45--  https://www.opl.co.il/
Resolving www.opl.co.il (www.opl.co.il)... 192.230.124.152
Connecting to www.opl.co.il (www.opl.co.il)|192.230.124.152|:443... connected.
ERROR: cannot verify www.opl.co.il's certificate, issued by ‘CN=COMODO RSA Extended Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Unable to locally verify the issuer's authority.
To connect to www.opl.co.il insecurely, use `--no-check-certificate'.

[sam-github]

Btw, #25113 doesn't result in a CA for that site, so I'm somewhat perplexed by how Firefox on your system validates it. I wonder if it uses a different cert store than the one from Mozilla's NSS certdata.txt, maybe it has some extras.