Skip to content

Error: self signed certificate in certificate chain #695

New issue
New issue
Closed
Closed
Error: self signed certificate in certificate chain#695
Labels
NODE_TLS_REJECT_UNAUTHORIZED
@JannesMeyer

Description

@JannesMeyer
JannesMeyer
opened on Aug 19, 2015

My .npmrc looks like this:

registry=http://registry.npmjs.org/
strict-ssl=false
python=python2.7
ca=

It shouldn't even try to open a SSL connection because I'm using HTTP for the registry.

npm install protractor gives an error when running node-gyp "Error: self signed certificate in certificate chain":

> utf-8-validate@1.1.0 install .\node_modules\protractor\node_modules\selenium-webd
river\node_modules\ws\node_modules\utf-8-validate
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\utf-8-validate>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..
\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\utf-8-validate
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok

> bufferutil@1.1.0 install .\node_modules\protractor\node_modules\selenium-webdrive
r\node_modules\ws\node_modules\bufferutil
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\bufferutil>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..\..\
node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\bufferutil
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing utf-8-validate@1.1.0
npm WARN optional dep failed, continuing bufferutil@1.1.0
protractor@2.1.0 node_modules\protractor
├── jasminewd@1.1.0
├── jasminewd2@0.0.5
├── html-entities@1.1.3
├── saucelabs@0.1.1
├── q@1.0.0
├── minijasminenode@1.1.1
├── optimist@0.6.1 (wordwrap@0.0.3, minimist@0.0.10)
├── adm-zip@0.4.4
├── glob@3.2.11 (inherits@2.0.1, minimatch@0.3.0)
├── jasmine@2.3.1 (exit@0.1.2, jasmine-core@2.3.4)
├── source-map-support@0.2.10 (source-map@0.1.32)
├── accessibility-developer-tools@2.6.0
├── request@2.36.0 (qs@0.6.6, forever-agent@0.5.2, aws-sign2@0.5.0, oauth-sign@0.3.0, tunnel-agent@0.4.1, json-stringify
-safe@5.0.1, mime@1.2.11, node-uuid@1.4.3, form-data@0.1.4, http-signature@0.10.1, tough-cookie@2.0.0, hawk@1.0.0)
├── lodash@2.4.2
└── selenium-webdriver@2.45.1 (tmp@0.0.24, rimraf@2.4.2, xml2js@0.4.4, ws@0.7.2)
. > npm install protractor
-


> bufferutil@1.1.0 install .\node_modules\protractor\node_modules\selenium-webdrive
r\node_modules\ws\node_modules\bufferutil
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\bufferutil>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..\..\
node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\bufferutil
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok

> utf-8-validate@1.1.0 install .\node_modules\protractor\node_modules\selenium-webd
river\node_modules\ws\node_modules\utf-8-validate
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\utf-8-validate>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..
\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\utf-8-validate
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing bufferutil@1.1.0
npm WARN optional dep failed, continuing utf-8-validate@1.1.0
protractor@2.1.0 node_modules\protractor
├── jasminewd@1.1.0
├── jasminewd2@0.0.5
├── html-entities@1.1.3
├── saucelabs@0.1.1
├── q@1.0.0
├── minijasminenode@1.1.1
├── optimist@0.6.1 (wordwrap@0.0.3, minimist@0.0.10)
├── adm-zip@0.4.4
├── glob@3.2.11 (inherits@2.0.1, minimatch@0.3.0)
├── jasmine@2.3.1 (exit@0.1.2, jasmine-core@2.3.4)
├── accessibility-developer-tools@2.6.0
├── source-map-support@0.2.10 (source-map@0.1.32)
├── lodash@2.4.2
├── request@2.36.0 (forever-agent@0.5.2, aws-sign2@0.5.0, qs@0.6.6, oauth-sign@0.3.0, tunnel-agent@0.4.1, json-stringify
-safe@5.0.1, mime@1.2.11, node-uuid@1.4.3, form-data@0.1.4, http-signature@0.10.1, tough-cookie@2.0.0, hawk@1.0.0)
└── selenium-webdriver@2.45.1 (tmp@0.0.24, rimraf@2.4.2, xml2js@0.4.4, ws@0.7.2)
. > npm install protractornpm config set ca ""
. > npm config set ca ""
. > npm install protractor
|
> utf-8-validate@1.1.0 install .\node_modules\protractor\node_modules\selenium-webd
river\node_modules\ws\node_modules\utf-8-validate
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\utf-8-validate>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..
\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\utf-8-validate
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok

> bufferutil@1.1.0 install .\node_modules\protractor\node_modules\selenium-webdrive
r\node_modules\ws\node_modules\bufferutil
> node-gyp rebuild


.\node_modules\protractor\node_modules\selenium-webdriver\node_modules\ws\node_modu
les\bufferutil>if not defined npm_config_node_gyp (node "C:\Program Files\iojs\node_modules\npm\bin\node-gyp-bin\\..\..\
node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node  rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1010:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:566:8)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\iojs\\node.exe" "C:\\Program Files\\iojs\\node_modules\\npm\\node_modules\\node-gyp
\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd .\node_modules\protractor\node_modules\selenium-webdriver\node_modules
\ws\node_modules\bufferutil
gyp ERR! node -v v3.0.0
gyp ERR! node-gyp -v v2.0.2
gyp ERR! not ok
npm WARN optional dep failed, continuing utf-8-validate@1.1.0
npm WARN optional dep failed, continuing bufferutil@1.1.0
protractor@2.1.0 node_modules\protractor
├── jasminewd@1.1.0
├── jasminewd2@0.0.5
├── saucelabs@0.1.1
├── html-entities@1.1.3
├── q@1.0.0
├── minijasminenode@1.1.1
├── optimist@0.6.1 (wordwrap@0.0.3, minimist@0.0.10)
├── adm-zip@0.4.4
├── jasmine@2.3.1 (exit@0.1.2, jasmine-core@2.3.4)
├── source-map-support@0.2.10 (source-map@0.1.32)
├── accessibility-developer-tools@2.6.0
├── lodash@2.4.2
├── glob@3.2.11 (inherits@2.0.1, minimatch@0.3.0)
├── request@2.36.0 (aws-sign2@0.5.0, qs@0.6.6, forever-agent@0.5.2, oauth-sign@0.3.0, tunnel-agent@0.4.1, json-stringify
-safe@5.0.1, mime@1.2.11, node-uuid@1.4.3, form-data@0.1.4, http-signature@0.10.1, tough-cookie@2.0.0, hawk@1.0.0)
└── selenium-webdriver@2.45.1 (tmp@0.0.24, rimraf@2.4.2, xml2js@0.4.4, ws@0.7.2)

Activity

JannesMeyer

JannesMeyer commented on Sep 1, 2015

@JannesMeyer
JannesMeyer
on Sep 1, 2015
Author

Any ideas why this might be happening?

Megadesty

Megadesty commented on Sep 23, 2015

@Megadesty
Megadesty
on Sep 23, 2015

Have the same problem with node 4.1 and node-gyp 3.0.3:

gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1000:38)
gyp ERR! stack     at emitNone (events.js:67:13)
gyp ERR! stack     at TLSSocket.emit (events.js:166:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:567:8)
gyp ERR! System Windows_NT 6.1.7601
gyp ERR! command "C:\\Program Files (x86)\\nodejs\\node.exe" "C:\\Program Files (x86)\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "configure" "--fallback-to-build" "--module=C:\\Users\\user\\AppData\\Roaming\\npm\\node_modules\\node-inspector\\node_modules\\v8-debug\\build\\debug\\v0.5.4\\node-v46-win32-ia32\\debug.node" "--module_name=debug" "--module_path=C:\\Users\\user\\AppData\\Roaming\\npm\\node_modules\\node-inspector\\node_modules\\v8-debug\\build\\debug\\v0.5.4\\node-v46-win32-ia32"
gyp ERR! cwd C:\Users\user\AppData\Roaming\npm\node_modules\node-inspector\node_modules\v8-debug
gyp ERR! node -v v4.1.0
gyp ERR! node-gyp -v v3.0.3
gyp ERR! not ok
raysuelzer

raysuelzer commented on Oct 1, 2015

@raysuelzer
raysuelzer
on Oct 1, 2015

Same problem. It doesn't seem to be respecting my global configuration settings for some reason. basically impossible to install behind a corporate proxy.

warroyo

warroyo commented on Oct 2, 2015

@warroyo
warroyo
on Oct 2, 2015

Same issue here, can we get a fix for this pelase!

warroyo

warroyo commented on Oct 2, 2015

@warroyo
warroyo
on Oct 2, 2015

i found this comment on another issue and it seems to work #448 (comment). just set that environment variable. This is a hacky work around though, node-gyp should respect npmrc.

bnoordhuis

bnoordhuis commented on Oct 3, 2015

@bnoordhuis
bnoordhuis
on Oct 3, 2015
Member

node-gyp doesn't use the npm registry, it downloads the tarball from https://nodejs.org/.

Setting NODE_TLS_REJECT_UNAUTHORIZED=0 in the environment will disable verification but you are setting yourself up for a MitM attack. Closing, not a bug but a feature.

bnoordhuis
closed this as completedon Oct 3, 2015
weagle08

weagle08 commented on Oct 20, 2015

@weagle08
weagle08
on Oct 20, 2015

why close this? it seems to be a pretty common issue for a lot of people downloading packages that require node-gyp, and I just installed newest nodejs and npm and am still getting this issue. Using the NODE_TLS_REJECT_UNAUTHORIZED=0 may work, but it is a hack fix.

bnoordhuis

bnoordhuis commented on Oct 20, 2015

@bnoordhuis
bnoordhuis
on Oct 20, 2015
Member

Knowing what you know, what would you have node-gyp do differently?

weagle08

weagle08 commented on Oct 20, 2015

@weagle08
weagle08
on Oct 20, 2015

knowing what I know, I know that this has surpassed my scope of knowledge as far as the internal workings of node-gyp, but would it be possible to have a config file for just node-gyp in which you can set settings like this?

marksy

marksy commented on Oct 20, 2015

@marksy
marksy
on Oct 20, 2015

Excuse my ignorance but how do you use NODE_TLS_REJECT_UNAUTHORIZED=0

I'm on Windows using cmd

Do I set this in the: npm confit set NODE_TLS_REJECT_UNAUTHORIZED=0

marksy

marksy commented on Oct 20, 2015

@marksy
marksy
on Oct 20, 2015

Config* sorry

weagle08

weagle08 commented on Oct 20, 2015

@weagle08
weagle08
on Oct 20, 2015

from command line you can do:
set NODE_TLS_REJECT_UNAUTHORIZED=0
npm install [mypackage]

weagle08

weagle08 commented on Oct 20, 2015

@weagle08
weagle08
on Oct 20, 2015

Or you can set it as a windows environment variable but I would recommend the first option.

marksy

marksy commented on Oct 20, 2015

@marksy
marksy
on Oct 20, 2015

Cool thanks @weagle08

70 remaining items

mwiede
mentioned this on Mar 1, 2022
jcgertig

jcgertig commented on Jun 15, 2022

@jcgertig
jcgertig
on Jun 15, 2022

@Fjaoos did you ever fix this issue?

tonjohn

tonjohn commented on Jul 13, 2022

@tonjohn
tonjohn
on Jul 13, 2022

I hit this issue on node v16.14.0 and v16.16.0. However, it works fine on v16.13.1. Is anyone looking into this?

nhurion

nhurion commented on Jul 27, 2022

@nhurion
nhurion
on Jul 27, 2022

on windows, version v16.16.0.
those are not working
Set NODE_TLS_REJECT_UNAUTHORIZED=0
SET NODE_EXTRA_CA_CERTS=C:\path\to\my\companys\cafile.pem

Is there a way to specify where the file should be downloaded from or do I have to hack the hosts file to avoid this blocking issue ?

NekitCorp

NekitCorp commented on Mar 1, 2023

@NekitCorp
NekitCorp
on Mar 1, 2023

My workaround is to transfer file content cafile to ca one-line PEM format:

.npmrc:

# from
cafile=/path/to/cert.pem

# to
ca="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"
Fjaoos

Fjaoos commented on Mar 6, 2023

@Fjaoos
Fjaoos
on Mar 6, 2023

@Fjaoos did you ever fix this issue?

Unfortunately I do not remember but I am sure it was a mix of corporate proxy/firewall and very restricted windows clients.
I have since moved on from that environment.

sereksim

sereksim commented on Mar 27, 2023

@sereksim
sereksim
on Mar 27, 2023 · edited by sereksim

Is there a solution that actually works? I tried every suggestion...

set NODE_TLS_REJECT_UNAUTHORIZED=0
npm install -g --unsafe-perm binding
     added 1 package in 13s
npm config set strict-ssl false
set npm_config_cafile "C:\path\to\certificate.pem"
npm config set cafile "C:\path\to\certificate.pem" --global
set NODE_EXTRA_CERTS="C:\path\to\certificate.pem"
set NODE_EXTRA_CA_CERTS="C:\path\to\certificate.pem"

... and node-gyp still fails:

node-gyp configure
gyp info it worked if it ends with ok
gyp info using node-gyp@9.3.1
gyp info using node@18.13.0 | win32 | x64                                                                               
gyp info find Python using Python version 3.9.7 found at "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python39_64\python.exe"                                                                                                         gyp http GET https://nodejs.org/download/release/v18.13.0/node-v18.13.0-headers.tar.gz                                  gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack FetchError: request to https://nodejs.org/download/release/v18.13.0/node-v18.13.0-headers.tar.gz failed, reason: self-signed certificate in certificate chain
gyp ERR! stack     at ClientRequest.<anonymous> (C:\Users\bla\AppData\Roaming\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\index.js:130:14)
gyp ERR! stack     at ClientRequest.emit (node:events:513:28)
gyp ERR! stack     at TLSSocket.socketErrorListener (node:_http_client:496:9)
gyp ERR! stack     at TLSSocket.emit (node:events:525:35)
gyp ERR! stack     at emitErrorNT (node:internal/streams/destroy:151:8)
gyp ERR! stack     at emitErrorCloseNT (node:internal/streams/destroy:116:3)
gyp ERR! stack     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
gyp ERR! System Windows_NT 10.0.22000
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\bla\\AppData\\Roaming\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "configure"
gyp ERR! cwd C:\Users\bla\my\current\directory
gyp ERR! node -v v18.13.0
gyp ERR! node-gyp -v v9.3.1
gyp ERR! not ok

I also tried to manually download the tar.gz as described here: nodejs/help#3686 (comment), but that didn't change anything. Even if I have the tar.gz file in the \tmp directory, the command fails, because the commands loads multiple files, not only the tar.gz.
Maybe I could load those files manually, but without knowing every file which is downloaded in the process, that doesn't work either...

Edit: This might be connected to the issues nodejs/node#3742, #448 and the already mentioned nodejs/help#3686, but the recommendations there are similar to those here.

Edit2: Installing something with npm install doesn't work either: npm ERR! RequestError: self-signed certificate in certificate chain

sereksim
mentioned this on Mar 28, 2023
sereksim

sereksim commented on Mar 29, 2023

@sereksim
sereksim
on Mar 29, 2023 · edited by sereksim

None of the other methods worked for me (see #695 (comment)), but this command finally solved the problem (on Windows 11):
$env:NODE_EXTRA_CA_CERTS="C:\path\to\certificate.crt"

node-gyp and npm now work without any problems.

cclauss
added
NODE_TLS_REJECT_UNAUTHORIZED
on Apr 17, 2023
TimelordUK
mentioned this on Jun 15, 2023
tooolbox

tooolbox commented on Jul 5, 2023

@tooolbox
tooolbox
on Jul 5, 2023

After an hour of trying everything, NODE_TLS_REJECT_UNAUTHORIZED did not work for me, but NODE_EXTRA_CA_CERTS did.

cclauss
mentioned this in 2 issues on Jul 5, 2023
jbgomond

jbgomond commented on Oct 24, 2023

@jbgomond
jbgomond
on Oct 24, 2023 · edited by jbgomond

node-gyp switched to make-fetch-happen, which does not support this this environment variable ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    NODE_TLS_REJECT_UNAUTHORIZED

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @coke@andig@bnoordhuis@jcgertig@cawoodm

        Issue actions
          Error: self signed certificate in certificate chain · Issue #695 · nodejs/node-gyp