Unsupported certficate purpose

I'm getting the above error when passing a request to the HTTP request node. Underneath it it says "Invalid purpose". There's no other debugging info. A change node is passing 2 msg.headers, setting msg.rejectUnauthorized to false, and passing a data parameter as the msg. payload.

I know it's not an issue with either the request itself or with SSL for two reasons. First, the exact same request in the exact same machine using curl on a command line works perfectly fine and in fact if I run the curl command through the exec node in Node Red it also works fine. Second, at one point it worked perfectly fine; after restarting Node Red it started throwing that error.

I have no idea what Invalid Purpose means let alone how to fix it so was hoping someone here might know what's going on.

Hi @mobamoba,
I have never heard about it myself.
But after some googling it looks to me that it is related to the "Key Usage" field in a certificate. For example here is how my Node-RED LetsEncrypt certificate looks like:


Seems that the Key Usage defines what the certificate may be used for.

Suppose you have a certificate that is intended to be used as a web server authentication certificate. When you would use it in both the server and the client configuration, then you could get that error. Because you would use the certificate for something it is not intended to be used for...

I'm not very sure about that: Because it seems that not all programs read that Key usage extension. So assume your specific curl command doesn't validate the Key Usage field, it would work (because it is a valid certificate, you only use it in the wrong circumstances).

Hopefully this makes a bit sense...
Is it a public site you are trying to access?

No it's not a public site. And it really isn't an SSL issue. If it were, the exec node curl would be throwing an error as would command line curl and both of them work fine.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.