nodejs "npm ERR! code SELF_SIGNED_CERT_IN_CHAIN"

Question

I'm new to nodejs and npm. I'm trying to install log4js and this is the command for the install:

npm install log4js

I'm running this from Windows Command Line and I after a while of a marker spinning I get the following error:

npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "log4js"
npm ERR! node v0.12.0
npm ERR! npm  v2.5.1
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN

npm ERR! self signed certificate in certificate chain
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <http://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     C:\srv\npm-debug.log

I tried doing npm config set ca="" like suggested here: http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more but I'm still getting this error.

How can I solve this and install NPMs ?

Possible duplicate of [receiving error: 'Error: SSL Error: SELF\_SIGNED\_CERT\_IN\_CHAIN' while using npm](http://stackoverflow.com/questions/9626990/receiving-error-error-ssl-error-self-signed-cert-in-chain-while-using-npm) — Mike Guthrie, May 19 '17 at 14:39
I had this issue due to a corporately installed product called websense. It was hijacking the certs. removal of the `virus` solved the problem — BozoJoe, Aug 14 '19 at 16:37
For mac OS users, i answered this on another thread here: https://stackoverflow.com/a/72926171/8145332 — Johnson Fashanu, Jul 10 '22 at 04:49

Akshay Vijay Jain · Answer 1 · 2021-10-07T06:20:44.287

269

Disabling strict-ssl mode will remove this error.

npm set strict-ssl false

Since this is turning off SSL security, we should try this as last step if below two steps don't help.

This issue can arise due to incompatibility between SSL certificate file of npm and node registry.

Try

1) telling your current version of npm to use node's ca instead of built in ca

npm config set ca=""

2) OR upgrading your version of npm

npm install npm -g --ca=null

edited Oct 07 '21 at 06:20

answered Jan 22 '16 at 11:11

Akshay Vijay Jain

13,461
8
60
73

1

Solved even my issue. All I have to run it as super user ;-) – byJeevan Apr 23 '18 at 05:22
@geoidesic It worked inside docker file for me. Try this command with RUN before npm install. – Deepak Tekchandani Dec 09 '19 at 08:31
4

This is an insecure approach, making you vulnerable to MITM attacks. The proper solution is to find the actual certificates used and added them to your npm cafile. – H A Apr 17 '20 at 06:19
3

This fixed my issue : npm set strict-ssl false – Tarun Deep Attri May 20 '20 at 11:14
@Tarun what is the version of npm you are using? – Akshay Vijay Jain May 20 '20 at 12:44
1

@AkshayVijayJain my npm version is 6.13.4 – Tarun Deep Attri Jun 08 '20 at 08:12
Solved my issue. Thanks – rajakvk Aug 31 '21 at 15:20
1

Would be worth adding that you should re-enable strict-ssl after install is complete. `npm set strict-ssl true` – Kevin Hogg Feb 17 '22 at 14:29
Reality of working in BigGlobalCorp is that we have to resort to this because InfoSecurity do MITM attacks all the time, it makes them feel more secure ;) – Ed Randall Jul 17 '23 at 10:00

score 85 · Answer 2 · answered May 21 '18 at 19:30

85

I had the same problem on windows 10.

open windows powerShell and enter the following command:

npm config set registry http://registry.npmjs.org/

Then you can use:

npm install [your package]

answered May 21 '18 at 19:30

Ronaldo Moreira

1,007
7
3

7

This should be the accepted answer. Setting strict-ssl to false is dangerous. Thanks for solving this headache. – jarodtaylor Jul 25 '19 at 15:57
1

I am still getting that error post running this cmd.Help! – manish kumar Jan 29 '20 at 05:50
This solved my issue, however it is not clear what the implications are if you change the https by the http in the registry configuration. Doesn't it has the same effect as setting the ca to null? – Fabricio Feb 18 '21 at 22:53
8

this solution is no different from setting npm set strict-ssl false. using http (without s) is prone to man in the middle attacks – Tiago Stapenhorst Sep 13 '21 at 14:11

score 22 · Answer 3 · edited Aug 06 '21 at 09:20

22

As metioned by Akshay Vijay Jain above,

npm config set strict-ssl false

TURNING OFF SSL BEFORE INSTALLING THE LATEST VERSION:

Then install the latest version

npm install -g npm@latest

INSTALL SUCCESS!!:

See the screenshots added for clarity.

edited Aug 06 '21 at 09:20

Manas Khandelwal

3,790
2
11
24

answered Aug 30 '17 at 18:24

Liby George

301
3
2

score 19 · Answer 4 · edited May 23 '17 at 12:26

19

I'm new to npm as well. Besides the commands mentioned in your link I tried the following and it resolved my issues:

npm set strict-ssl false
disabled McAfee temporarily

Reference: Npm SELF_SIGNED_CERT_IN_CHAIN on Azure

edited May 23 '17 at 12:26

Community

1
1

answered Apr 07 '15 at 14:16

izmaxx

389
1
8

3

Disabling SSL should never be the answer. There must be some workaround for this... – Andrew Landsverk May 05 '15 at 16:52
15

@AndrewLandsverk it is if you are behind a restrictive corporate firewall. – Cloxure Apr 18 '16 at 17:48

score 19 · Answer 5 · answered Apr 10 '19 at 19:58

19

While setting StrictSsl to false is an option, it compromises your npm security. I recommend not disabling it. The following instructions elaborate on Shreedhar's post to use the cafile. Though it's written from a Windows 10 machine perspective it can be adapted.

Our company uses SSL Inpsection via a proxy, so at the very least we need to include the SSL Inspection certificate. The following instructions assume you are able to use a modern web browser on the machine you are trying to use an externally reaching npm function.

From a command console, run the following: npm config list
Record the value for metrics-registry. This should be a URL.
Open a browser to the URL. As of writing this answer, it is https://registry.npmjs.org/
Open the certificate information for the site. For Chrome on Windows, this involves clicking the padlock icon to the left of the URL in the address bar and selecting the option Certificate.
Inspect the certification path. For me, there is our corporate CA and our SSL Inspection certificate.
Download each certificate as Base64 encoded into a .cer or .crt file.
Compile all the certificates as-is into one .cer or .crt file.
Place this file into a user folder. Though we have a network-based users folder I recommend and use a local machine based folder. Note the full path to this file.
From a command console, run the following: npm config set cafile "C:\Local\Path\To\cafile4npm.cer" modifying the path and file noted in step 8.
Run your npm install command.

answered Apr 10 '19 at 19:58

gregsonian

1,126
13
15

I have never used docker images but maybe I can help out. What are the details of the error you are receiving? – gregsonian Jun 25 '19 at 21:01
there's no extra details; same error as in the title of the OP. – geoidesic Jul 09 '19 at 22:55
1

How do I do this part? Download each certificate as Base64 encoded into a .cer or .crt file. When I open the Certification Path there's no option to download? Must be installed right? My problem is a real unsigned cert exists in node_modules. – JWP Jul 03 '20 at 16:23
Thx. Running npm config list revealed a global /usr/local/etc/npmrc with a cafile=... entry which ruined my day until I found this answer. Thx. – HaVonTe Sep 08 '20 at 19:07
2

@JohnPeters If you click the padlock icon to the left of the URL Address Bar, there should be an option to view the certificate(s). In Windows 10, the window that pops contains 3 tabs: General, Details, and Certification Path. While the Certification Path tab shows you all the certificates between you and the server, it is from the Details tab that you can download the file. On Windows 10, the button is Copy to File... – gregsonian Sep 09 '20 at 12:46
I did find the root cause of this issue, someone had put an unsigned cert into a node module via a test component. Angular 8 and 9 couldn't deal with it. When we went to Angular 10 this problem went away, most likely due to an upgrade of those node modules causing the issue. Moral of story was "Don't ever publish an unsigned cert." – JWP Sep 09 '20 at 14:09
How do you "compile all the certificates as-is into one .cer or .crt file"? – Kyrstellaine Oct 25 '21 at 16:12
@Kyrstellaine it means you have to copy all the strings into one file. If you have say 2 certificates in the chain, your final file that is referenced in the configs should have both the strings. – burf Nov 02 '21 at 14:48

score 6 · Answer 6 · answered Jan 08 '21 at 06:44

6

Was getting same error when executed via Docker build. Powershell execution, however, was error free. Then modified the dockerfile with following (as suggested above):

RUN npm config set ca=""

RUN npm set strict-ssl false

This fixed the cert chain issue.

answered Jan 08 '21 at 06:44

Prem

303
2
9

Confirm, that's resolved my issue too. Thanks – 27P Apr 07 '21 at 07:30

score 4 · Answer 7 · answered Aug 29 '19 at 13:43

In CentOS and other Linux distros you need to configure NPM to use your Certificate Authorities file:

npm config set cafile "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" -g

Obviously check the file exists and contains all CA Roots you may encounter (e.g. corporate proxy).

score 4 · Answer 8 · answered Aug 12 '21 at 15:01

4

solve this problem with this command

npm config set strict-ssl=false

answered Aug 12 '21 at 15:01

Bhimo Bhaskoro

41
1

Please add some explanation. Why do you think your proposed solution might help the OP? – Tyler2P Aug 13 '21 at 12:07

score 3 · Answer 9 · answered Jan 29 '20 at 06:03

As of February 27, 2014, npm no longer supports its self-signed certificates. The following options, as recommended by npm, is to do one of the following:

Upgrade your version of npm

npm install npm -g --ca=""

-- OR --

Tell your current version of npm to use known registrars

npm config set ca ""

Update: npm has posted More help with SELF_SIGNED_CERT_IN_CHAIN and npm with more solutions particular to different environments

Read more here

score 2 · Answer 10 · answered Mar 04 '19 at 14:00

Did you also tried settings cafile accommodating all pems in one file? npm add root CA

If you use proxy in your .npmrc file, I will suggest to set no_proxy environment variable with value of your <server IP address>

score 2 · Answer 11 · answered Oct 10 '20 at 00:45

2

You can disabled certificate validation for TLS connections:

NODE_TLS_REJECT_UNAUTHORIZED=0 npm install puppeteer

answered Oct 10 '20 at 00:45

Dan M

1,175
12
23

score 2 · Answer 12 · answered Feb 11 '22 at 21:34

2

Our corporate environment inflicted this on us via some company cert chicanery, and this bit the Windows devs in both npm and git operations. For npm, the instructions provided previously by gregsonian (building a cert and pointing npm config to use it) still work well. (Win-10 for reference.) I prefer otherwise keeping SSL enabled.

answered Feb 11 '22 at 21:34

Robert Lybarger

71
1
3

Upvoted solely on your use of the word "chicanery". – Mike6679 Jun 29 '23 at 14:58

score 1 · Answer 13 · answered Nov 01 '17 at 09:05

1

In my case, I had installed Fiddler, which has a self signed certificate which made the npm install go crazy.

See here how to remove the self signed Fiddler certificate How do you remove the root CA certificate that Fiddler installs

answered Nov 01 '17 at 09:05

Stefan Cronert

11
2

JWP · Answer 14 · 2020-07-16T12:30:54.043

None of the answers above helped out my situation. The culprit turned out to be the package agent-base pre 6.0.1. Indeed the owner admitted to shipping out self-signed certs in a test folder of his package. This forced a reinstall -D and -g but problem is still happening.

I found this cert by searching node_modules folder for *.pem.

Still working on getting npm caches to listen to me. Of course I'm the dummy right?

I'll post back additional findings.

Solution Found

7/7/2020

Our Angular application was upgraded from 8.3 to 10.0 today. Guess what? The errors disappeared. The root cause was someone published an unsigned cert that made it's way too deep in the NPM modules library. Even NPM 6.15 had it!

score 0 · Answer 15 · answered Aug 17 '20 at 15:32

I tried many solutions here and none really worked for me. I tried updating npm but got either a timeout (when registry was set to http://registry.npmjs.org/), or a 403 Forbidden responce (when registry was set to https://registry.npmjs.org/)

In the end, realsing that my problem was caused by being behind a proxy, what did work for me in the end was:

npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080

(credit: https://stackoverflow.com/a/12832637/4191296)

score 0 · Answer 16 · answered Sep 24 '20 at 23:17

0

I reinstalled node js and angular cli. It started working !!

answered Sep 24 '20 at 23:17

Karuna

11

1

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference – Prathamesh More Sep 25 '20 at 03:13

score 0 · Answer 17 · answered Nov 07 '21 at 11:48

0

If you want to trust another certificate I think its better define the environment variable to trust the new certificate NODE_EXTRA_CA_CERTS=<path to .pem file> https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file

answered Nov 07 '21 at 11:48

tal

1

1

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – Tyler2P Nov 07 '21 at 12:08

score 0 · Answer 18 · answered Nov 27 '21 at 01:33

In my case I initially setup squid to proxy all http & https requests on my local ubuntu box, but was not aware that TLS version >= 1.3 requires ssl-bump, peek and splice TLS handshake features.

The following might help others understand what is going on "under the hood" so you can be confident that your fix is correct. If you don't use squid then skip that part, but take note of the final npm step.

Here are the steps to upgrade squid :

Install an upgrade patch provided by diladele . I also ran : apt upgrade after apt update
Use this tutorial to upgrade squid config to compliment the new ssl-bump features
Add env vars HTTP_PROXY=http://your.proxy.domain:3128 HTTPS_PROXY=http://your.proxy.domain:3128
Setup Firefox and/or Chrome to use squid as the http/https proxy

To enable npm ssl install, add the proxy ca-certificate.pem to the npm config

npm config set cafile /etc/squid/certs/squid-ca-cert.pem

After running step 5, npm install from https://registry.npmjs.org worked fine

score 0 · Answer 19 · answered Apr 12 '23 at 07:38

I was blocked by my company Certificate to resolve the problem I followed the steps as Gregsonian said but the problem was not resolved for me for different reasons:

Make sure you get the root ca file or as it was said by Gregsonian, copy all the certificate into one cer file (in the correct order !)
Make sure that you don't have ca list defined: ca=[""](if defined then add correctly the ca path in that list). Because I set my cafile with the correct cer file but since i had an empty ca list also defined, npm choose by default the list so the error kept appearing -> the solution is to remove that list then and only have the cafile (npm config set cafile "path-to-cafile")

By doing correctly the two previous steps i can now use npm correctly

Hope it can help some people

nodejs "npm ERR! code SELF_SIGNED_CERT_IN_CHAIN"

19 Answers19

Linked