Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: self signed certificate in certificate chain #695

Closed
JannesMeyer opened this issue Aug 19, 2015 · 78 comments
Closed

Error: self signed certificate in certificate chain #695

JannesMeyer opened this issue Aug 19, 2015 · 78 comments

Comments

@JannesMeyer
Copy link

My .npmrc looks like this:

registry=http://registry.npmjs.org/
strict-ssl=false
python=python2.7
ca=

It shouldn't even try to open a SSL connection because I'm using HTTP for the registry.

npm install protractor gives an error when running node-gyp "Error: self signed certificate in certificate chain":

> [email protected] install .\node_modules\protractor\node_modules\selenium-webd
river\node_modules\ws\node_modules\utf-8-validate
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\utf-8-validate>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..
\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\utf-8-validate
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok

> [email protected] install .\node_modules\protractor\node_modules\selenium-webdrive
r\node_modules\ws\node_modules\bufferutil
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\bufferutil>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..\..\
node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\bufferutil
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]
npm WARN optional dep failed, continuing [email protected]
[email protected] node_modules\protractor
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected] ([email protected], [email protected])
├── [email protected] ([email protected])
├── [email protected]
├── [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], json-stringify
[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
├── [email protected]
└── [email protected] ([email protected], [email protected], [email protected], [email protected])
. > npm install protractor
-


> [email protected] install .\node_modules\protractor\node_modules\selenium-webdrive
r\node_modules\ws\node_modules\bufferutil
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\bufferutil>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..\..\
node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\bufferutil
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok

> [email protected] install .\node_modules\protractor\node_modules\selenium-webd
river\node_modules\ws\node_modules\utf-8-validate
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\utf-8-validate>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..
\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\utf-8-validate
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]
npm WARN optional dep failed, continuing [email protected]
[email protected] node_modules\protractor
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected] ([email protected], [email protected])
├── [email protected]
├── [email protected] ([email protected])
├── [email protected]
├── [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], json-stringify
[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
└── [email protected] ([email protected], [email protected], [email protected], [email protected])
. > npm install protractornpm config set ca ""
. > npm config set ca ""
. > npm install protractor
|
> [email protected] install .\node_modules\protractor\node_modules\selenium-webd
river\node_modules\ws\node_modules\utf-8-validate
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\utf-8-validate>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..
\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\utf-8-validate
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok

> [email protected] install .\node_modules\protractor\node_modules\selenium-webdrive
r\node_modules\ws\node_modules\bufferutil
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\bufferutil>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..\..\
node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\bufferutil
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]
npm WARN optional dep failed, continuing [email protected]
[email protected] node_modules\protractor
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected] ([email protected])
├── [email protected]
├── [email protected]
├── [email protected] ([email protected], [email protected])
├── [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], json-stringify
[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
└── [email protected] ([email protected], [email protected], [email protected], [email protected])
@JannesMeyer
Copy link
Author

Any ideas why this might be happening?

@Megadesty
Copy link

Have the same problem with node 4.1 and node-gyp 3.0.3:

gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1000:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:567:8)
gyp ERR! System Windows_NT 6.1.7601
gyp ERR! command "C:\\Program Files (x86)\\nodejs\\node.exe" "C:\\Program Files (x86)\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "configure" "--fallback-to-build" "--module=C:\\Users\\user\\AppData\\Roaming\\npm\\node_modules\\node-inspector\\node_modules\\v8-debug\\build\\debug\\v0.5.4\\node-v46-win32-ia32\\debug.node" "--module_name=debug" "--module_path=C:\\Users\\user\\AppData\\Roaming\\npm\\node_modules\\node-inspector\\node_modules\\v8-debug\\build\\debug\\v0.5.4\\node-v46-win32-ia32"
gyp ERR! cwd C:\Users\user\AppData\Roaming\npm\node_modules\node-inspector\node_modules\v8-debug
gyp ERR! node -v v4.1.0
gyp ERR! node-gyp -v v3.0.3
gyp ERR! not ok

@raysuelzer
Copy link

Same problem. It doesn't seem to be respecting my global configuration settings for some reason. basically impossible to install behind a corporate proxy.

@warroyo
Copy link

warroyo commented Oct 2, 2015

Same issue here, can we get a fix for this pelase!

@warroyo
Copy link

warroyo commented Oct 2, 2015

i found this comment on another issue and it seems to work #448 (comment). just set that environment variable. This is a hacky work around though, node-gyp should respect npmrc.

@bnoordhuis
Copy link
Member

node-gyp doesn't use the npm registry, it downloads the tarball from https://nodejs.org/.

Setting NODE_TLS_REJECT_UNAUTHORIZED=0 in the environment will disable verification but you are setting yourself up for a MitM attack. Closing, not a bug but a feature.

@weagle08
Copy link

why close this? it seems to be a pretty common issue for a lot of people downloading packages that require node-gyp, and I just installed newest nodejs and npm and am still getting this issue. Using the NODE_TLS_REJECT_UNAUTHORIZED=0 may work, but it is a hack fix.

@bnoordhuis
Copy link
Member

Knowing what you know, what would you have node-gyp do differently?

@weagle08
Copy link

knowing what I know, I know that this has surpassed my scope of knowledge as far as the internal workings of node-gyp, but would it be possible to have a config file for just node-gyp in which you can set settings like this?

@marksy
Copy link

marksy commented Oct 20, 2015

Excuse my ignorance but how do you use NODE_TLS_REJECT_UNAUTHORIZED=0

I'm on Windows using cmd

Do I set this in the: npm confit set NODE_TLS_REJECT_UNAUTHORIZED=0

@marksy
Copy link

marksy commented Oct 20, 2015

Config* sorry

@weagle08
Copy link

from command line you can do:
set NODE_TLS_REJECT_UNAUTHORIZED=0
npm install [mypackage]

@weagle08
Copy link

Or you can set it as a windows environment variable but I would recommend the first option.

@marksy
Copy link

marksy commented Oct 20, 2015

Cool thanks @weagle08

@bnoordhuis
Copy link
Member

would it be possible to have a config file for just node-gyp in which you can set settings like this?

It's certainly possible but it's not strictly necessary. node-gyp respects the traditional https_proxy environment variable (as does npm, I think.)

@weagle08
Copy link

Unfortunately where I work no proxy is provided so these variables don't help. My company plays man in the middle and injects certs and there is nothing I can do about it.

@raysuelzer
Copy link

Same issues with the cert injection. I had to modify the node gyp source to remove reference to https:// and rebuild it. The problem is that it doesn't respect the tls config when downloading the tarball.

@Megadesty
Copy link

Since node-gyp is a tool for nodejs, but not resides inside of nodejs, I can fully understand why it should not use the node/npm configs for setting the network environment. But I must also agree with the others, that node-gyp should provide it's (optional) own config file, because in my case the system proxy environment is not enough, too: My company's proxy also established a MitM scenario, so I need a strict-ssl=false.

The 'workaround' with NODE_TLS_REJECT_UNAUTHORIZED=0 works, but it is not very user friendly:

  • not well documented
  • every developer has always to setup his own environment especially for node-gyp
  • counter-intuitive if other equivalent tools (in terms of downloading stuff) have a config file for this setting like bower, npm, Atom, etc

@bnoordhuis
Copy link
Member

#837 - adds a --cafile option.

@meash-nrel
Copy link

so there is now a command line option to provide ca file ... any idea how to engage that when node-gyp is getting called by the NPM install process? i'm not the one calling node-gyp, npm is, via the project file of the module being installed. the solution seems to remain the NODE_TLS_REJECT_UNAUTHORIZED=0 hack.

@bnoordhuis
Copy link
Member

If you have the cafile option set in your .npmrc or specified on the command line, then node-gyp should inherit that automatically when invoked by npm.

@hughes
Copy link

hughes commented Mar 10, 2016

The cafile option is seemingly ignored by some part of the build process. I could only get this to work with NODE_TLS_REJECT_UNAUTHORIZED=0.

@sdas99
Copy link

sdas99 commented Mar 11, 2016

I am on RHEL7 and I tried export NODE_TLS_REJECT_UNAUTHORIZED=0 but still getting SELF_SIGNED_CERT_IN_CHAIN error. The two modules that are failing to install are bcrypt and libxmljs.

> [email protected] install /lib/node_modules/libxmljs
> node-gyp rebuild

gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/0.10.36"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/lib/node_modules/libxmljs/.node-gyp"
gyp WARN install got an error, rolling back install
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: SELF_SIGNED_CERT_IN_CHAIN
gyp ERR! stack     at SecurePair.<anonymous> (tls.js:1381:32)
gyp ERR! stack     at SecurePair.emit (events.js:92:17)
gyp ERR! stack     at SecurePair.maybeInitFinished (tls.js:980:10)
gyp ERR! stack     at CleartextStream.read [as _read] (tls.js:472:13)
gyp ERR! stack     at CleartextStream.Readable.read (_stream_readable.js:341:10)
gyp ERR! stack     at EncryptedStream.write [as _write] (tls.js:369:25)
gyp ERR! stack     at doWrite (_stream_writable.js:226:10)
gyp ERR! stack     at writeOrBuffer (_stream_writable.js:216:5)
gyp ERR! stack     at EncryptedStream.Writable.write (_stream_writable.js:183:11)
gyp ERR! stack     at write (_stream_readable.js:602:24)
gyp ERR! System Linux 3.10.0-327.10.1.el7.x86_64
gyp ERR! command "node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /usr/lib/node_modules/libxmljs
gyp ERR! node -v v0.10.36
gyp ERR! node-gyp -v v3.3.0
gyp ERR! not ok
npm ERR! Linux 3.10.0-327.10.1.el7.x86_64
npm ERR! argv "node" "/usr/bin/npm" "install" "-g" "libxmljs"
npm ERR! node v0.10.36
npm ERR! npm  v3.8.1
npm ERR! code ELIFECYCLE

@brianary
Copy link

brianary commented Aug 8, 2016

This would be much better addressed by fixing nodejs/node#3159.

Playing whack-a-mole with npm, Atom, VS code, cUrl, Firefox, &c, &c, &c each using their own cert store when the OS supplies one is an unmanageable mess.

If that's not immediately supported, a standard cafile environment variable that's honored by all parties would at least help.

@chandrunaik
Copy link

Can this be helpful?
git config --global http.sslVerify false

@brianary
Copy link

No, because I don't want to disable all certificate validation. Decrypting network hardware (substituting their local certs) are used in high-security environments, and accepting every certificate from any source would radically undermine that.

@qbradq
Copy link

qbradq commented Dec 13, 2016

I work in an environment where our proxies also use this self-signed cert substitution technique. Is there a particular reason to not expect security appliance vendors and operators to start using signed certificates for their appliances? I think the only way we will see a change in behavior is to continue to place that expectation on the vendors and operators. And it's not just Node that has these "issues" dealing with self-signed certs. Every application I support that interacts with the internet is a headache because of this.

@VerdonTrigance
Copy link

Windows users: Having cafile=C:\path\to\my\companys\cafile.pem did not work. However removing that line and setting the environment variable below did work:

SET NODE_EXTRA_CA_CERTS=C:\\path\\to\\my\\companys\\cafile.pem

For noobs like me: the .pem file is just the base64 encoded certificates (.cer) of your proxy's CA root (and intermediate).

  1. Did you used double slash in path?
  2. Is it required to be exactly .pem extension or base64 encoded .cer just fine?
  3. Did you used npmrc file?

@skategaru
Copy link

Try uninstalling Angular/cli first and installing node-gyp and then try reinstalling Angular cli

npm uninstall -g @angular/cli
npm install -g node-gyp
npm install -g @angular/cli

It worked perfectly

@VerdonTrigance
Copy link

I ended with updating Node and everything else to last version and it helped.

@andig
Copy link

andig commented Jan 11, 2022

Same problem here. Running on MacOS, no proxy, no vpn, no custom certificates. Node 14 working finde, Node 16 broken:

❯ NODE_TLS_REJECT_UNAUTHORIZED=0 node-gyp configure
gyp info it worked if it ends with ok
gyp info using [email protected]
gyp info using [email protected] | darwin | arm64
gyp info find Python using Python version 3.9.9 found at "/opt/homebrew/opt/[email protected]/bin/python3.9"
gyp http GET https://nodejs.org/download/release/v16.13.1/node-v16.13.1-headers.tar.gz
(node:79648) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack FetchError: request to https://nodejs.org/download/release/v16.13.1/node-v16.13.1-headers.tar.gz failed, reason: unable to get local issuer certificate
gyp ERR! stack     at ClientRequest.<anonymous> (/opt/homebrew/lib/node_modules/node-gyp/node_modules/minipass-fetch/lib/index.js:110:14)
gyp ERR! stack     at ClientRequest.emit (node:events:390:28)
gyp ERR! stack     at TLSSocket.socketErrorListener (node:_http_client:447:9)
gyp ERR! stack     at TLSSocket.emit (node:events:402:35)
gyp ERR! stack     at emitErrorNT (node:internal/streams/destroy:157:8)
gyp ERR! stack     at emitErrorCloseNT (node:internal/streams/destroy:122:3)
gyp ERR! stack     at processTicksAndRejections (node:internal/process/task_queues:83:21)
gyp ERR! System Darwin 21.2.0
gyp ERR! command "/opt/homebrew/Cellar/node@16/16.13.1_1/bin/node" "/opt/homebrew/bin/node-gyp" "configure"
gyp ERR! cwd /Users/andig/htdocs/evcc
gyp ERR! node -v v16.13.1
gyp ERR! node-gyp -v v8.4.1
gyp ERR! not ok

Is there any way to trace what call is going on with the GET? I can open the URL just fine in any browser.

❯ curl https://nodejs.org/download/release/v16.13.1/node-v16.13.1-headers.tar.gz > foo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  549k  100  549k    0     0  3321k      0 --:--:-- --:--:-- --:--:-- 3432k

@Fjaoos
Copy link

Fjaoos commented Feb 10, 2022

Hi,

i just can't install keytar because node-gyp rebuild fails with this problem:
image

I've tried

  • Set NODE_TLS_REJECT_UNAUTHORIZED=0
  • SET NODE_EXTRA_CA_CERTS=C:\path\to\my\companys\cafile.pem
  • uninstall/install angular

I do not know what I can try beyond this.

Can anyone recommend a solution?

@andig
Copy link

andig commented Feb 10, 2022

What finally worked for me is nodejs/help#3686 (comment)

@Fjaoos
Copy link

Fjaoos commented Feb 10, 2022

Thanks @andig I tried that. It works for the https://nodejs.org/download/release/v16.14.0/node-v16.14.0-headers.tar.gz file but after that it requires another file (which is not a tar.gz) and fails because of the certifcate issue as well.

@VerdonTrigance
Copy link

Hi,

i just can't install keytar because node-gyp rebuild fails with this problem: image

I've tried

  • Set NODE_TLS_REJECT_UNAUTHORIZED=0
  • SET NODE_EXTRA_CA_CERTS=C:\path\to\my\companys\cafile.pem
  • uninstall/install angular

I do not know what I can try beyond this.

Can anyone recommend a solution?

try
npm config set strict-ssl false

@Fjaoos
Copy link

Fjaoos commented Feb 10, 2022

strict-ssl=false was the first thing that I tried and has been set to false since then

@VerdonTrigance
Copy link

Did you upgrade both npm and NODE to last version?

@Fjaoos
Copy link

Fjaoos commented Feb 10, 2022

image
Node should be the current TLS

@andig
Copy link

andig commented Feb 10, 2022

Did you upgrade both npm and NODE to last version?

Why should one? Is there any known fix?

@VerdonTrigance
Copy link

Yes. There was a fix. And it helped for me, but my version was 2 major less than current

@jcgertig
Copy link

@Fjaoos did you ever fix this issue?

@tonjohn
Copy link

tonjohn commented Jul 13, 2022

I hit this issue on node v16.14.0 and v16.16.0. However, it works fine on v16.13.1. Is anyone looking into this?

@nhurion
Copy link

nhurion commented Jul 27, 2022

on windows, version v16.16.0.
those are not working
Set NODE_TLS_REJECT_UNAUTHORIZED=0
SET NODE_EXTRA_CA_CERTS=C:\path\to\my\companys\cafile.pem

Is there a way to specify where the file should be downloaded from or do I have to hack the hosts file to avoid this blocking issue ?

@NekitCorp
Copy link

My workaround is to transfer file content cafile to ca one-line PEM format:

.npmrc:

# from
cafile=/path/to/cert.pem

# to
ca="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"

@Fjaoos
Copy link

Fjaoos commented Mar 6, 2023

@Fjaoos did you ever fix this issue?

Unfortunately I do not remember but I am sure it was a mix of corporate proxy/firewall and very restricted windows clients.
I have since moved on from that environment.

@sereksim
Copy link

sereksim commented Mar 27, 2023

Is there a solution that actually works? I tried every suggestion...

set NODE_TLS_REJECT_UNAUTHORIZED=0
npm install -g --unsafe-perm binding
     added 1 package in 13s
npm config set strict-ssl false
set npm_config_cafile "C:\path\to\certificate.pem"
npm config set cafile "C:\path\to\certificate.pem" --global
set NODE_EXTRA_CERTS="C:\path\to\certificate.pem"
set NODE_EXTRA_CA_CERTS="C:\path\to\certificate.pem"

... and node-gyp still fails:

node-gyp configure
gyp info it worked if it ends with ok
gyp info using [email protected]
gyp info using [email protected] | win32 | x64                                                                               
gyp info find Python using Python version 3.9.7 found at "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python39_64\python.exe"                                                                                                         gyp http GET https://nodejs.org/download/release/v18.13.0/node-v18.13.0-headers.tar.gz                                  gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack FetchError: request to https://nodejs.org/download/release/v18.13.0/node-v18.13.0-headers.tar.gz failed, reason: self-signed certificate in certificate chain
gyp ERR! stack     at ClientRequest.<anonymous> (C:\Users\bla\AppData\Roaming\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\index.js:130:14)
gyp ERR! stack     at ClientRequest.emit (node:events:513:28)
gyp ERR! stack     at TLSSocket.socketErrorListener (node:_http_client:496:9)
gyp ERR! stack     at TLSSocket.emit (node:events:525:35)
gyp ERR! stack     at emitErrorNT (node:internal/streams/destroy:151:8)
gyp ERR! stack     at emitErrorCloseNT (node:internal/streams/destroy:116:3)
gyp ERR! stack     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
gyp ERR! System Windows_NT 10.0.22000
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\bla\\AppData\\Roaming\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "configure"
gyp ERR! cwd C:\Users\bla\my\current\directory
gyp ERR! node -v v18.13.0
gyp ERR! node-gyp -v v9.3.1
gyp ERR! not ok

I also tried to manually download the tar.gz as described here: nodejs/help#3686 (comment), but that didn't change anything. Even if I have the tar.gz file in the \tmp directory, the command fails, because the commands loads multiple files, not only the tar.gz.
Maybe I could load those files manually, but without knowing every file which is downloaded in the process, that doesn't work either...

Edit: This might be connected to the issues nodejs/node#3742, #448 and the already mentioned nodejs/help#3686, but the recommendations there are similar to those here.

Edit2: Installing something with npm install doesn't work either: npm ERR! RequestError: self-signed certificate in certificate chain

@sereksim
Copy link

sereksim commented Mar 29, 2023

None of the other methods worked for me (see #695 (comment)), but this command finally solved the problem (on Windows 11):
$env:NODE_EXTRA_CA_CERTS="C:\path\to\certificate.crt"

node-gyp and npm now work without any problems.

@tooolbox
Copy link

tooolbox commented Jul 5, 2023

After an hour of trying everything, NODE_TLS_REJECT_UNAUTHORIZED did not work for me, but NODE_EXTRA_CA_CERTS did.

@jbgomond
Copy link

jbgomond commented Oct 24, 2023

node-gyp switched to make-fetch-happen, which does not support this this environment variable ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests