nodejs "npm ERR! code SELF_SIGNED_CERT_IN_CHAIN"

I'm new to nodejs and npm. I'm trying to install log4js and this is the command for the install:

npm install log4js

I'm running this from Windows Command Line and I after a while of a marker spinning I get the following error:

npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "log4js"
npm ERR! node v0.12.0
npm ERR! npm  v2.5.1
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN

npm ERR! self signed certificate in certificate chain
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <http://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     C:\srv\npm-debug.log

I tried doing npm config set ca="" like suggested here: http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more but I'm still getting this error.

How can I solve this and install NPMs ?

>Disabling strict-ssl mode will remove this error.

npm set strict-ssl false

Since this is turning off SSL security, we should try this as last step if below two steps don't help.

This issue can arise due to incompatibility between SSL certificate file of npm and node registry.

Try

1) telling your current version of npm to use node's ca instead of built in ca

npm config set ca=""

2) OR upgrading your version of npm

npm install npm -g --ca=null

I had the same problem on windows 10.

open windows powerShell and enter the following command:

npm config set registry http://registry.npmjs.org/

Then you can use:

npm install [your package]

I'm new to npm as well. Besides the commands mentioned in your link I tried the following and it resolved my issues:

• npm set strict-ssl false
• disabled McAfee temporarily

Reference: https://stackoverflow.com/questions/22099098/npm-self-signed-cert-in-chain-on-azure

As metioned by Akshay Vijay Jain above,

npm config set strict-ssl false

TURNING OFF SSL BEFORE INSTALLING THE LATEST VERSION:

Then install the latest version

npm install -g npm@latest

INSTALL SUCCESS!!:

See the screenshots added for clarity.

While setting StrictSsl to false is an option, it compromises your npm security. I recommend not disabling it. The following instructions elaborate on Shreedhar's post to use the cafile. Though it's written from a Windows 10 machine perspective it can be adapted.

Our company uses SSL Inpsection via a proxy, so at the very least we need to include the SSL Inspection certificate. The following instructions assume you are able to use a modern web browser on the machine you are trying to use an externally reaching npm function.

1. From a command console, run the following: npm config list
2. Record the value for metrics-registry. This should be a URL.
3. Open a browser to the URL. As of writing this answer, it is https://registry.npmjs.org/
4. Open the certificate information for the site. For Chrome on Windows, this involves clicking the padlock icon to the left of the URL in the address bar and selecting the option Certificate.
5. Inspect the certification path. For me, there is our corporate CA and our SSL Inspection certificate.
6. Download each certificate as Base64 encoded into a .cer or .crt file.
7. Compile all the certificates as-is into one .cer or .crt file.
8. Place this file into a user folder. Though we have a network-based users folder I recommend and use a local machine based folder. Note the full path to this file.
9. From a command console, run the following: npm config set cafile "C:\Local\Path\To\cafile4npm.cer" modifying the path and file noted in step 8.
10. Run your npm install command.

Was getting same error when executed via Docker build. Powershell execution, however, was error free. Then modified the dockerfile with following (as suggested above):

RUN npm config set ca=""

RUN npm set strict-ssl false

This fixed the cert chain issue.

In CentOS and other Linux distros you need to configure NPM to use your Certificate Authorities file:

npm config set cafile "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" -g

Obviously check the file exists and contains all CA Roots you may encounter (e.g. corporate proxy).

As of February 27, 2014, npm no longer supports its self-signed certificates. The following options, as recommended by npm, is to do one of the following:

Upgrade your version of npm

npm install npm -g --ca=""

-- OR --

Tell your current version of npm to use known registrars

npm config set ca ""

Update: npm has posted More help with SELF_SIGNED_CERT_IN_CHAIN and npm with more solutions particular to different environments

Read more here

solve this problem with this command

npm config set strict-ssl=false

Did you also tried settings cafile accommodating all pems in one file? https://stackoverflow.com/questions/23788564/npm-add-root-ca

If you use proxy in your .npmrc file, I will suggest to set no_proxy environment variable with value of your <server IP address>

In my case, I had installed Fiddler, which has a self signed certificate which made the npm install go crazy.

See here how to remove the self signed Fiddler certificate How do you remove the root CA certificate that Fiddler installs

None of the answers above helped out my situation. The culprit turned out to be the package agent-base pre 6.0.1. Indeed the owner admitted to shipping out self-signed certs in a test folder of his package. This forced a reinstall -D and -g but problem is still happening.

I found this cert by searching node_modules folder for *.pem.

Still working on getting npm caches to listen to me. Of course I'm the dummy right?

I'll post back additional findings.

Solution Found

7/7/2020

Our Angular application was upgraded from 8.3 to 10.0 today. Guess what? The errors disappeared. The root cause was someone published an unsigned cert that made it's way too deep in the NPM modules library. Even NPM 6.15 had it!

I tried many solutions here and none really worked for me. I tried updating npm but got either a timeout (when registry was set to http://registry.npmjs.org/), or a 403 Forbidden responce (when registry was set to https://registry.npmjs.org/)

In the end, realsing that my problem was caused by being behind a proxy, what did work for me in the end was:

npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080

(credit: https://stackoverflow.com/a/12832637/4191296)

I reinstalled node js and angular cli. It started working !!

You can disabled certificate validation for TLS connections:

NODE_TLS_REJECT_UNAUTHORIZED=0 npm install puppeteer

If you want to trust another certificate I think its better define the environment variable to trust the new certificate NODE_EXTRA_CA_CERTS= https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file

In my case I initially setup squid to proxy all http & https requests on my local ubuntu box, but was not aware that TLS version >= 1.3 requires ssl-bump, peek and splice TLS handshake features.

The following might help others understand what is going on "under the hood" so you can be confident that your fix is correct. If you don't use squid then skip that part, but take note of the final npm step.

Here are the steps to upgrade squid :

1. Install an upgrade patch provided by diladele . I also ran : apt upgrade after apt update
2. Use this tutorial to upgrade squid config to compliment the new ssl-bump features
3. Add env vars HTTP_PROXY=http://your.proxy.domain:3128 HTTPS_PROXY=http://your.proxy.domain:3128
4. Setup Firefox and/or Chrome to use squid as the http/https proxy

To enable npm ssl install, add the proxy ca-certificate.pem to the npm config

5. npm config set cafile /etc/squid/certs/squid-ca-cert.pem

After running step 5, npm install from https://registry.npmjs.org worked fine

Our corporate environment inflicted this on us via some company cert chicanery, and this bit the Windows devs in both npm and git operations. For npm, the instructions provided previously by gregsonian (building a cert and pointing npm config to use it) still work well. (Win-10 for reference.) I prefer otherwise keeping SSL enabled.