I need to get a pre-packaged node.js application to trust a self signed certificate. Unfortunately it seems to use Linux file capabilities which means the NODE_EXTRA_CA_CERTS environment variable is ignored. It's a pre-packaged app so doing it via the source code isn't an option either. Is there any documentation on how Node.js applications figure out which certificates to trust? I've tried adding the certificate to the /usr/local/share/ca-certificates folder and running update-ca-certificates but that made no difference so I assume Node.js figures out which certificates to trust some other way.
Asked
Active
Viewed 3,688 times
1
Harry Muscle
- 2,247
- 4
- 38
- 62
-
Dupe https://stackoverflow.com/questions/21004645/where-is-nodes-certificate-store and https://stackoverflow.com/questions/14619576/where-is-the-default-ca-certs-used-in-nodejs . If you control toplevel app code but not lower, `https.globalAgent` is documented, and https://stackoverflow.com/questions/68896243/how-to-properly-configure-node-js-to-use-self-signed-root-certificates has a monkeypatch using undocumented `(tls.createSecureContext).context.addCACert` that seems to work (for now). – dave_thompson_085 Jan 24 '22 at 05:46