npm install self-signed certificate error - node.js

I have created a yeoman generator that I would like installable as a node module. This is to make installing the custom generator a one-step process where other developers on the team can simply do npm install git+https://path-to-local-git-server/generator-repo.git.
I believe I have everything setup correctly but npm croaks on the self-signed certificate with the following error
npm ERR! fatal: unable to access 'https://path-to-local-git-server/generator-repo.git': SSL certificate problem: self signed certificate
I have tried to make npm ignore certificate warnings with npm config set strict-ssl false and npm config set ca="" but npm still complains about the certificate
Please help. The alternative would be to have users clone the git repo and do an npm install with the path to their clone which is not so desirable because I would like to version and maintain the genrator in a manner that they can update using npm.

This is actually error thrown by git.
You have to set up ~/.gitconfig and add the following line:
[http]
sslCAInfo=/path/to/your/certificate/file.pem
It's done.
P.S. don't know why no answer here, and I found this question today because I have the same problem. It is solved, and put the answer here, if someone needs it in the future.

Related

Node-gyp fetches headers from internet – not allowed because of firewall rules

I am trying to setup a simple node app in docker. The app needs to install npm package ibm_db. In that installation of ibm_db, node-gyp wants to download headers file from the internet which is not allowed under company firewall rule. Downloading npm packages works fine using a proxy.
https://nodejs.org/download/release/v16.14.2/node-v16.14.2-headers.tar.gz failed, reason: unable to get local issuer certificate
I am unsure of the best way forward here. Is it possible to install the headers.tar manually somehow?
Commit the specific version of the node-{NODE_VERSION}-headers.tar.gz file that you require into the repo, and do this:
echo "---> Set tarball"
NODE_VER=v16.13.1
npm config set tarball /{YOUR_PATH}/node-${NODE_VER}-headers.tar.gz
Then proceed with your npm install as you would normally.
https://github.com/nodejs/help/issues/3686#issuecomment-1011865975

npm ERR! cb() never called in windows10

I was trying to run npm install inside the project folder but every time there is this error showing npm cb() never called.
I am using node version 10.16.2 and npm version 6.9.0 in windows 10
I have tried npm cache clean --force but that didn't help
E:\contribution\contribute-to-open-source>npm install
npm ERR! cb() never called!
npm ERR! This is an error with npm itself. Please report this error at:
npm ERR! <https://npm.community>
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\papun\AppData\Roaming\npm-cache\_logs\2019-08-10T03_51_20_512Z-debug.log
I had the same problems and lost hours trying to solve it :(.
But then i found out that my firm has installed some new kind of firewall with self signed certificate.
Quick solution was:
npm config set strict-ssl=false
After that everything started working without 'npm cb() never called' errors
I had faced the same issue, and i spend days to get a solution for the issue. In the end, i figured it out and it was an issue with my network.
Please verify your network connection and proxy settings.
In my case, I was using corporate proxy using a script. When i opened the pac file and get the proxy from there ( take XXX:XXX from the line return "PROXY XXX:XXX;";) and added to npm config proxy setting (npm config set proxy XXX:XXX), it started working and got resolved.
run this all issue will be solved..
npm install --global windows-build-tools
try to set your proxy using the commands
npm config set proxy http://proxy_host:port
npm config set https-proxy https://proxy_host:port
I have deleted all the node_modules, package-lock.json but still it was not working. For me the reason was, there were some modules that required relogin to install.
So, I deleted my node_modules, build and package-lock.json. and opened command prompt in admin mode.
Then went to the specific project path and logged-in to the components that require credentials.
1. npm login (root path of your react app)
2. type username as "<xxxxx>"
3. type password as "<yyyyy>" (won't be visible on console)
4. type email as "<zzzz>#<aaa>.com"
5. npm i
6. npm run build
It worked for me.
I also faced the same problem I deleted that file from
C:\Users\Harshk1311\AppData\Roaming\npm-cache\_logs
And problem solved
Double Check file name in terminal where error occured and delete file
i.e C:\Users\Harshk1311\AppData\Roaming\npm-cache_logs\2019-08-10T03_51_20_512Z-debug.log
Delete 2019-08-10T03_51_20_512Z-debug.log only this file .
Another possible reason that solved the problem in my case:
Missing MS VC Redistributable. For example if you are on a fresh new PC. In this case you could download the e.g. VC_redist.x64.exe and install it. You may need to restart the terminal before e.g. executing npm i again.
The Visual C++ Redistributable installs Microsoft C and C++ (MSVC) runtime libraries. These libraries are required by many applications built by using Microsoft C and C++ tools.

npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY

I am trying all possible ways to create a React application. I have tried Maven, and now I am trying create-react-app from Facebook Incubators.
When I tried to run the command create-react-app my-app in npm environment, it worked on my personal system with no issues. But, when I tried the same command in my work environment, I encountered the following error on my command line:
npm ERR! node v6.10.2
npm ERR! npm v3.10.10
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! unable to get local issuer certificate
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <https://github.com/npm/npm/issues>
A quick solution from the internet search was npm config set strict-ssl false, luckily it worked. But as a part of my work environment, I am restricted to set the strict-ssl flag to false.
Later I found a safe and working solution,
npm config set registry http://registry.npmjs.org/
this worked perfectly and I got a success message Happy Hacking! by not setting the strict-ssl flag to false.
what may be happening is your company decrypts certain traffic and re-encrypts it with their certificate (which you probably already have in your keychain or trusted root certificates)
if you're using node 7 or later I've found this fix to be compatible with node and node-gyp (for Windows you'll need to do this differently, but you basically just need to add this environment variable):
export NODE_EXTRA_CA_CERTS="absolute_path_to_your_certificates.pem" (in Windows you may need to remove the quotes)
the pem file can have multiple certificates: https://nodejs.org/api/cli.html#node_extra_ca_certsfile
make sure your certificates are in proper pem format (you need real line breaks not literal \n)
I couldn't seem to get it to work with relative paths (. or ~)
This fix basically tells npm and node-gyp to use the check against the regular CAs, but also allow this certificate when it comes across it
Ideally you would be able to use your system's trusted certificates, but unfortunately this is not the case.
After trying out every solution I could find:
Turning off strict ssl: npm config set strict-ssl=false
Changing the registry to http instead of https: npm config set registry http://registry.npmjs.org/
Changing my cafile setting: npm config set cafile /path/to/your/cert.pem
Stop rejecting unknown CAs: set NODE_TLS_REJECT_UNAUTHORIZED=0
The solution that seems to be working the best for me now is to use the NODE_EXTRA_CA_CERTS environment variable which extends the existing CAs rather than replacing them with the cafile option in your .npmrc file. You can set it by entering this in your terminal: NODE_EXTRA_CA_CERTS=path/to/your/cert.pem
Of course, setting this variable every time can be annoying, so I added it to my bash profile so that it will be set every time I open terminal. If you don’t already have a ~/.bash_profile file, create one. Then at the end of that file add export NODE_EXTRA_CA_CERTS=path/to/your/cert.pem. Then, remove the cafile setting in your .npmrc.
Changing the NPM repo URL to HTTP works as a quick-fix, but I wanted to use HTTPS.
In my case, the proxy at my employer (ZScaler) was causing issues (as it acts as a MITM, causing certification verification issues)
I forgot I found a script that helps with this and Git (for cloning GitHub repos via HTTPS had the same issue) and forked it for my use
Basically, it does the following for git:
git config --global http.proxy http://gateway.zscaler.net:80/
git config --system http.proxy http://gateway.zscaler.net:80/
and for Node, it adds proxy=http://gateway.zscaler.net:80/ to the end of c:\Users\$USERNAME\npm\.npmrc
That solved the issue for me.
Had the same error. Looks like it is related to SSL certificates. If you are using NPM for public packages (don't need the security of HTTPS) you can turn off strict SSL key validation with the following command.
This might be the simplest fix if you're just looking to install a few publicly available packages one time.
npm config set strict-ssl=false
What is your OS? On Ubuntu I was able to fix this error by running
npm config set cafile /etc/ssl/certs/ca-certificates.crt
to tell npm to use my system's certificate store. Debian uses the same system certificate path, I'm less familiar with other distributions and OSes.
(I don't like the other answers that all turn off certificate verification and allow man-in-the-middle attacks.)
In my case, at some point I set my global config to use a cert that was meant for a project.
npm config list
/path/to/global/.npmrc
NODE_EXTRA_CA_CERTS = "./certs/chain.pem"
I opened the file, removed the line and npm install worked again.
npm config set registry http://registry.npmjs.org/
If this code trick didn't work for you then try to run your application from home directory.. It worked for me.
Zscalar update policy help me to make network calls, after trying couple of work around mentioned.
Workarounds tried Before Zscalar update:
npm config set strict-ssl false
npm config set registry http://registry.npmjs.org/
set NODE_TLS_REJECT_UNAUTHORIZED=0
Update policy(Highlighted in yellow) in Zscalar app helped me to fix "unable to get local issuer certificate" issue.
For me the issue was VPN, I disconnected the VPN and "npm i" command worked with no fail.
I had this error when I tried to update npm, but had a really old version (1.3.6 !) installed from yum in AWS Linux. I was able to manually install a newer npm version and everything was remedied.
Setting NODE_EXTRA_CA_CERTS in the terminal did not work for me for some reason, same like how export http_proxy=proxyurl in the terminal didn't work and instead I needed to do a npm config set proxy yourproxyurl:port and npm config set http-proxy yourproxyurl:port (you can verify existing proxy, if any, via npm get proxy).
I had to supply --cafile parameter for it to explicitly work, something like this:
sudo npm install -g cordova --cafile /System/Volumes/Data/opt/homebrew/etc/ca-certificates/cert.pem
Its very easy to fix this issue.
ERROR
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/yarn failed, reason: unable to get local issuer certificate
npm ERR! A complete log of this run can be found in:
Solution
If you are in organization or intranet then use below commend.
npm config set registry
https://type_your_org_repo_fqdn
other wise
npm config set registry http://registry.npmjs.org/
Some schematics use yarn under the hood and throw the same error.
yarn config set registry http://registry.npmjs.org
This is what worked for me (on a Mac 10.15.7).
My issue was I tried this command...
npm install eslint --save-dev
...and got this error message...
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/eslint failed, reason: unable to get local issuer certificate
...I googled one of the error messages and ended up on the stack overflow issue you are reading now.
I then tried one of the suggestions above, i.e.
npm config set registry http://registry.npmjs.org/
...then, I again tried...
npm install eslint --save-dev
...and got the same error message.
Then I did something unique. I connected to my company's vpn. (This is the opposite of what someone (i.e. #mask) suggested. They said they turned OFF their vpn!)
I tried...
npm install eslint --save-dev
...for the third time and it worked like a charm. Problem solved. (-:
(Aside: I wonder if my first attempt to fix this, i.e.
npm config set registry http://registry.npmjs.org/
...was necessary?)
I deleted the .npmrc file from C:\Users\MyUser and it worked
doing the following steps solved it for me.
npm config set strict-ssl=false
npm config set registry http://registry.npmjs.org/
npm config set cafile /path/to/your/cert.pem
set NODE_TLS_REJECT_UNAUTHORIZED=0

Getting UNABLE_TO_VERIFY_LEAF_SIGNATURE from NPM when installing hexo-cli

I am getting an UNABLE_TO_VERIFY_LEAF_SIGNATURE error when I try to install hexo-cli on Windows. I have tried switching to another mirror but that did not fix the problem.
Are you behind a corporate proxy? They are most likely intercepting & MiTM'ing the traffic with a self signed SSL certificate.
A hacky solution is just to turn off SSL for NPM
npm set strict-ssl false
More detailed instructions can be found here: How to fix SSL certificate error when running Npm on Windows?
References:
https://github.com/Medium/phantomjs#i-am-behind-a-corporate-proxy-that-uses-self-signed-ssl-certificates-to-intercept-encrypted-traffic
https://security.stackexchange.com/questions/101721/is-it-possible-for-corporation-to-intercept-and-decrypt-ssl-tls-traffic
Please, follow instructions described here:
How to fix SSL certificate error when running Npm on Windows?
As the author suggests, the point here to use NODE_EXTRA_CA_CERTS environment variable. Keep in mind that setting npm config set cafile <path> causes npm to only use the certs provided in that file, instead of extending the existing ones with it.

nodejs "npm ERR! code SELF_SIGNED_CERT_IN_CHAIN"

I'm new to nodejs and npm. I'm trying to install log4js and this is the command for the install:
npm install log4js
I'm running this from Windows Command Line and I after a while of a marker spinning I get the following error:
npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "log4js"
npm ERR! node v0.12.0
npm ERR! npm v2.5.1
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN
npm ERR! self signed certificate in certificate chain
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <http://github.com/npm/npm/issues>
npm ERR! Please include the following file with any support request:
npm ERR! C:\srv\npm-debug.log
I tried doing npm config set ca="" like suggested here: http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more but I'm still getting this error.
How can I solve this and install NPMs ?
Disabling strict-ssl mode will remove this error.npm set strict-ssl false
Since this is turning off SSL security, we should try this as last step if below two steps don't help.This issue can arise due to incompatibility between SSL certificate file of npm and node registry.
Try1) telling your current version of npm to use node's ca instead of built in canpm config set ca=""2) OR upgrading your version of npm
npm install npm -g --ca=null
I had the same problem on windows 10.
open windows powerShell and enter the following command:
npm config set registry http://registry.npmjs.org/
Then you can use:
npm install [your package]
As metioned by Akshay Vijay Jain above,
npm config set strict-ssl false
TURNING OFF SSL BEFORE INSTALLING THE LATEST VERSION:
Then install the latest version
npm install -g npm#latest
INSTALL SUCCESS!!:
See the screenshots added for clarity.
I'm new to npm as well. Besides the commands mentioned in your link I tried the following and it resolved my issues:
npm set strict-ssl false
disabled McAfee temporarily
Reference: Npm SELF_SIGNED_CERT_IN_CHAIN on Azure
While setting StrictSsl to false is an option, it compromises your npm security. I recommend not disabling it. The following instructions elaborate on Shreedhar's post to use the cafile. Though it's written from a Windows 10 machine perspective it can be adapted.
Our company uses SSL Inpsection via a proxy, so at the very least we need to include the SSL Inspection certificate. The following instructions assume you are able to use a modern web browser on the machine you are trying to use an externally reaching npm function.
From a command console, run the following: npm config list
Record the value for metrics-registry. This should be a URL.
Open a browser to the URL. As of writing this answer, it is https://registry.npmjs.org/
Open the certificate information for the site. For Chrome on Windows, this involves clicking the padlock icon to the left of the URL in the address bar and selecting the option Certificate.
Inspect the certification path. For me, there is our corporate CA and our SSL Inspection certificate.
Download each certificate as Base64 encoded into a .cer or .crt file.
Compile all the certificates as-is into one .cer or .crt file.
Place this file into a user folder. Though we have a network-based users folder I recommend and use a local machine based folder. Note the full path to this file.
From a command console, run the following: npm config set cafile "C:\Local\Path\To\cafile4npm.cer" modifying the path and file noted in step 8.
Run your npm install command.
Was getting same error when executed via Docker build.
Powershell execution, however, was error free. Then modified the dockerfile with following (as suggested above):
RUN npm config set ca=""
RUN npm set strict-ssl false
This fixed the cert chain issue.
In CentOS and other Linux distros you need to configure NPM to use your Certificate Authorities file:
npm config set cafile "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" -g
Obviously check the file exists and contains all CA Roots you may encounter (e.g. corporate proxy).
solve this problem with this command
npm config set strict-ssl=false
As of February 27, 2014, npm no longer supports its self-signed certificates. The following options, as recommended by npm, is to do one of the following:
Upgrade your version of npm
npm install npm -g --ca=""
-- OR --
Tell your current version of npm to use known registrars
npm config set ca ""
Update: npm has posted More help with SELF_SIGNED_CERT_IN_CHAIN and npm with more solutions particular to different environments
Read more here
Did you also tried settings cafile accommodating all pems in one file? npm add root CA
If you use proxy in your .npmrc file, I will suggest to set no_proxy environment variable with value of your <server IP address>
In my case, I had installed Fiddler, which has a self signed certificate which made the npm install go crazy.
See here how to remove the self signed Fiddler certificate How do you remove the root CA certificate that Fiddler installs
Our corporate environment inflicted this on us via some company cert chicanery, and this bit the Windows devs in both npm and git operations. For npm, the instructions provided previously by gregsonian (building a cert and pointing npm config to use it) still work well. (Win-10 for reference.) I prefer otherwise keeping SSL enabled.
None of the answers above helped out my situation. The culprit turned out to be the package agent-base pre 6.0.1. Indeed the owner admitted to shipping out self-signed certs in a test folder of his package. This forced a reinstall -D and -g but problem is still happening.
I found this cert by searching node_modules folder for *.pem.
Still working on getting npm caches to listen to me. Of course I'm the dummy right?
I'll post back additional findings.
Solution Found
7/7/2020
Our Angular application was upgraded from 8.3 to 10.0 today. Guess what? The errors disappeared. The root cause was someone published an unsigned cert that made it's way too deep in the NPM modules library. Even NPM 6.15 had it!
I tried many solutions here and none really worked for me. I tried updating npm but got either a timeout (when registry was set to http://registry.npmjs.org/), or a 403 Forbidden responce (when registry was set to https://registry.npmjs.org/)
In the end, realsing that my problem was caused by being behind a proxy, what did work for me in the end was:
npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080
(credit: https://stackoverflow.com/a/12832637/4191296)
I reinstalled node js and angular cli. It started working !!
You can disabled certificate validation for TLS connections:
NODE_TLS_REJECT_UNAUTHORIZED=0 npm install puppeteer
If you want to trust another certificate I think its better define the environment variable to trust the new certificate
NODE_EXTRA_CA_CERTS=<path to .pem file>
https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file
In my case I initially setup squid to proxy all http & https requests on my local ubuntu box, but was not aware that TLS version >= 1.3 requires ssl-bump, peek and splice TLS handshake features.
The following might help others understand what is going on "under the hood" so you can be confident that your fix is correct. If you don't use squid then skip that part, but take note of the final npm step.
Here are the steps to upgrade squid :
Install an upgrade patch provided by diladele . I also ran : apt upgrade after apt update
Use this tutorial to upgrade squid config to compliment the new ssl-bump features
Add env vars HTTP_PROXY=http://your.proxy.domain:3128 HTTPS_PROXY=http://your.proxy.domain:3128
Setup Firefox and/or Chrome to use squid as the http/https proxy
To enable npm ssl install, add the proxy ca-certificate.pem to the npm config
npm config set cafile /etc/squid/certs/squid-ca-cert.pem
After running step 5, npm install from https://registry.npmjs.org worked fine

Resources