npm install error - unable to get local issuer certificate

Question

I am getting an unable to get local issuer certificate error when performing an npm install:

typings ERR! message Unable to read typings for "es6-shim". You should check the
 entry paths in "es6-shim.d.ts" are up to date
typings ERR! caused by Unable to connect to "https://raw.githubusercontent.com/D
efinitelyTyped/DefinitelyTyped/7de6c3dd94feaeb21f20054b9f30d5dabc5efabd/es6-shim
/es6-shim.d.ts"
typings ERR! caused by unable to get local issuer certificate

I have recently update to node 4 from a much earlier version and it sounds like node is much more strict when these kind of problems arise.

There is an issue discussed here which talks about using ca files, but it's a bit beyond my understanding and I'm unsure what to do about it.

I am behind a corporate firewall, but I can get to the url fine in a browser without any restriction.

Does anyone have any further insight into this issue and what possible solutions there are?

I'm wondering about reverting to node 0.12 in the meantime :(

Answer 1

Typings can be configured with the ~/.typingsrc config file. (~ means your home directory)

After finding this issue on github: https://github.com/typings/typings/issues/120, I was able to hack around this issue by creating ~/.typingsrc and setting this configuration:

{
  "proxy": "http://<server>:<port>",
  "rejectUnauthorized": false
}

It also seemed to work without the proxy setting, so maybe it was able to pick that up from the environment somewhere.

This is not a true solution, but was enough for typings to ignore the corporate firewall issues so that I could continue working. I'm sure there is a better solution out there.

Answer 2

Try this npm config set strict-ssl false. This is a alternative shared in this url https://github.com/nodejs/node/issues/3742

Answer 3

There is an issue discussed here which talks about using ca files, but it's a bit beyond my understanding and I'm unsure what to do about it.

This isn't too difficult once you know how! For Windows:

Using Chrome go to the root URL NPM is complaining about (so https://raw.githubusercontent.com in your case). Open up dev tools and go to Security-> View Certificate. Check Certification path and make sure your at the top level certificate, if not open that one. Now go to "Details" and export the cert with "Copy to File...".

You need to convert this from DER to PEM. There are several ways to do this, but the easiest way I found was an online tool which should be easy to find with relevant keywords.

Now if you open the key with your favorite text editor you should see

-----BEGIN CERTIFICATE----- 

yourkey

-----END CERTIFICATE-----

This is the format you need. You can do this for as many keys as you need, and combine them all into one file. I had to do github and the npm registry keys in my case.

Now just edit your .npmrc to point to the file containing your keys like so

cafile=C:\workspace\rootCerts.crt

I have personally found this to perform significantly better behind our corporate proxy as opposed to the strict-ssl option. YMMV.

Answer 4

Just place below comments using Command prompt.

Its 100% resolved successfully

-npm config set strict-ssl false

Answer 5

Well this is not a right answer but can be consider as a quick workaround. Right answer is turn off Strict SSL.

I am having the same error

PhantomJS not found on PATH
Downloading https://github.com/Medium/phantomjs/releases/download/v2.1.1/phantomjs-2.1.1-windows.zip
Saving to C:\Users\Sam\AppData\Local\Temp\phantomjs\phantomjs-2.1.1-windows.zip
Receiving...

Error making request.
Error: unable to get local issuer certificate
at TLSSocket. (_tls_wrap.js:1105:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:639:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38)

So the after reading the error.

Just downloaded the file manually and placed it on the required path. i.e

C:\Users\Sam\AppData\Local\Temp\phantomjs\

This solved my problem.

    PhantomJS not found on PATH                                                                                                
Download already available at C:\Users\sam\AppData\Local\Temp\phantomjs\phantomjs-2.1.1-windows.zip                    
Verified checksum of previously downloaded file                                                                            
Extracting zip contents                                    

Answer 6

A disclaimer: This solution is less secure, bad practice, don't do this. I had a duplicate error message--I'm behind a corporate VPN/firewall. I was able to resolve this issue by adding a .typingsrc file to my user directory (C:\Users\MyUserName\.typingsrc in windows). Of course, anytime you're circumventing SSL you should be yapping to your sys admins to fix the certificate issue.

Change the registry URL from https to http, and as seen in nfiles' answser above, set rejectUnauthorized to false.

.typingsrc (placed in project directory or in user root directory)

{
     "rejectUnauthorized": false,
     "registryURL": "http://api.typings.org/"
}

Optionally add your github token (I didn't find success until I had added this too.)

{
    "rejectUnauthorized": false,
    "registryURL": "http://api.typings.org/",
    "githubToken": "YourGitHubToken"
}

See instructions for setting up your github token at https://github.com/blog/1509-personal-api-tokens

Answer 7

Add:

process.env["NODE_TLS_REJECT_UNAUTHORIZED"]

Source: Ignore invalid self-signed ssl certificate in node.js with https.request?