search

jasongin / nvs

Node Version Switcher - A cross-platform tool for switching between versions and forks of Node.js
Other
2.73k stars 210 forks source link

Error: self signed certificate in certificate chain #87

Open jhr007 opened 6 years ago

jhr007 commented 6 years ago

Since nothing else on this repo pointed to this error, here's a write up...

tl;dr;

Windows: set NODE_EXTRA_CA_CERTS=C:\path\to\your\ca.pem Use the UI to set a environment variable to make it more permanent. Note ca.pem should be just your CA.

Error:

nvs -> then pick first entry gets: Failed to download index: https://nodejs.org/dist/index.json self signed certificate in certificate chain

Normally this means that SSL connection has been compromised, but I'm behind a corporate firewall/proxy that man-in-the-middle's SSL certificates and rewraps the requests in a SSL cert signed by a private(self-signed) Certificate Authority.

npm was giving me this same error and I fixed by using npm's cafile config setting. I downloaded an extract of Firefox's valid CAs cacert.pem(https://curl.haxx.se/docs/caextract.html) and added the corporate CA in with the rest.

I later realized that npm was just using node's tls and found the environment variable. Hopefully this will help the next person and you wont have to have write cli flags to support this.

A bunch of resources were left uncredited in the writing of this

jasongin commented 6 years ago

Thanks. I'm planning to do some work on nvs to make it work better in proxy environments. Part of the work will be some documentation about how to configure proxy settings. So I'll include this info in that doc.

ywmail commented 4 years ago

Can't make nvs to work property over company proxy.

pastinepolenta commented 2 years ago

Note the syntax for Power Shell is $env:NODE_EXTRA_CA_CERTS="C:\cert.pem"

ackvf commented 1 year ago

Use SETX to make it permanent. Note, setx won't apply the value to current shell, so use both.

setx NODE_EXTRA_CA_CERTS C:\path\to\your\ca.pem
set NODE_EXTRA_CA_CERTS=C:\path\to\your\ca.pem

Anyway, this 👆 hasn't helped me solve my issue, but this did 👇 https://stackoverflow.com/a/55220462.

setx NODE_TLS_REJECT_UNAUTHORIZED 0
set NODE_TLS_REJECT_UNAUTHORIZED=0

For local development I guess it's OK. Not a solution for production though!

This can also be included in the script itself as a workaround?

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";