65

I am having issues getting NPM to install properly. I have tried stepping through the instructions on several of the posts here on stack overflow, specifically from this thread: SELF_SIGNED_CERT_IN_CHAIN error while using npm install

Also I have tried going through the documentation on NPM's site: https://blog.npmjs.org/post/78165272245/more-help-with-self-signed-cert-in-chain-and-npm.html

I am still receiving the error everytime I try to install. please advise.

Michael
  • 344
  • 5
  • 17
jacobjp52285
  • 713
  • 1
  • 5
  • 8
  • What is the actual error that you are receiving. – Brian P Dec 28 '15 at 18:47
  • The link to the (now archived) npm blog is missing some hyphens: https://blog.npmjs.org/post/78165272245/more-help-with-self-signed-cert-in-chain-and-npm.html – Matt Sach Jan 21 '22 at 15:03

4 Answers4

135

If you're behind the corporate proxy (which uses e.g. Blue Coat), you should use http instead of https for repository addresses, e.g.

npm config set registry="http://registry.npmjs.org/"

See: Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN while using npm.

You can also import failing self-certificate into your system and mark as trusted, or temporary disable SSL validation while installing packages (quick, but not recommended method):

npm config set strict-ssl false

See: Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN while using npm.

The recommended way (and more painful) is just to point to the right certificate file, e.g.

npm config set cafile "<path to your certificate file>"

See: How to fix SSL certificate error when running Npm on Windows?.

silyevsk
  • 4,021
  • 3
  • 31
  • 30
kenorb
  • 155,785
  • 88
  • 678
  • 743
  • 3
    I'm a corporate user, on OSX I found the relevant cert in the "Keychain Access" application, under the "System" keychain, in the "Certificates" category. I found one with the name "RootCA" in it, right click, export, choose the pem file format. Use that file as the cafile in this answer. – camomileCase Apr 25 '18 at 18:36
  • You can also identify the certificate with wget: `wget https://registry.npmjs.org/express`, yielding something like `cannot verify registry.npmjs.org's certificate, issued by ‘CN=HTTPS Proxy CA,OU=…`. – tjanson Jul 02 '19 at 15:03
12

This works for me:

$ export NODE_TLS_REJECT_UNAUTHORIZED=0
$ npm install
Michael Mrozek
  • 169,610
  • 28
  • 168
  • 175
HAltos
  • 701
  • 7
  • 6
  • 2
    This works, but this defeats the goal of using TLS at all. It's not recommended or even bad practice. Check this https://github.com/nodejs/node/issues/5258 – Michael Mar 03 '22 at 13:02
11

I know this question has been posted a few years ago. Since it still pops up at the top results on Google, I would like to share my proper and secure solution for this problem.

Solution for one Authority Root certificate

I would like to advise everyone to make sure to keep your connection secured by using the https registry. Also stop disabeling strict-ssl. Many are missing the point here and go for a quick fix instead of the only right solution.

You'll have to add your .pem certificate to the .npmrc file (npm config). When you just need to add one certificate use the following:

npm config set cafile /path/to/cert.pem

Solution for multiple Authority Root certificates

When you're company uses multiple certificates (like mine) you'll first need to combine the certificates to one .pem by entering the following command in your terminal:

cat cert1.pem cert2.pem > cert_combined.pem

Then make sure to point the right .pem file in your .npmrc

npm config set cafile /path/to/cert_combined.pem

Forget the solutions other people mention like ca[]="..." and NODE_EXTRA_CA_CERTS. This solution is tested and verified within a company that uses multiple Authority Root certificates using node v16.13.0 and npm v8.3.0.

M. Groenhout
  • 386
  • 2
  • 10
  • 1
    Hi @Groenhout how do I find which certificate I should export from the mac keychain. I have more than 50 certificates. Does node uses any specific certificate that I can export in pem format and add it to npm config? – Parik Tiwari Feb 25 '22 at 02:04
  • 1
    Hi @ParikTiwari, the following link will probably provide you with the information you’ll need. If not, let me know. Make sure to use de Root CA. https://www.clickssl.net/blog/how-to-view-ssl-certificate-details-in-every-browser – M. Groenhout Feb 26 '22 at 08:44
  • @M.Groenhout regarding the last paragraph of your answer to forget about ca[] and such... why should we forget that? I have a clue why, but not sure (think CA's are not bundled anymore with npm but were in the past?). – Michael Mar 03 '22 at 14:07
  • @M.Groenhout thank you! I've spent two days in `node-gyp` hell trying to figure out this self-signed cert in keychain issue I've had, and this is the answer that finally got everything working properly :) – Don Brody Mar 07 '23 at 21:43
3

Use this command below and it could work fine:

npm config set registry="http://registry.npmjs.org/"

Higor Felype
  • 55
  • 2
  • 2