问题
At work we are behind an SSL inspection appliance which resigns all traffic with the companies root CA. Is there a way to add this certificate to Meteor.
When not suing meteor we can tell NPM where our CA cert lives:
npm config set cafile /path/to/cert.pem
Is there a way to add the certificate to Meteor's trusted list?
Here is the error in full:
$ meteor add twbs:bootstrap
Unable to update package catalog (are you offline?)
If you are using Meteor behind a proxy, set HTTP_PROXY and HTTPS_PROXY
environment variables or see this page for more details:
https://github.com/meteor/meteor/wiki/Using-Meteor-behind-a-proxy
=> Errors while adding packages:
While downloading twbs:bootstrap@3.3.4...:
error: CERT_UNTRUSTED
Your package catalog may be out of date.
Please connect to the internet and try again.
And just to show that I have the proxy properly configured
$ printenv | grep -i proxy
http_proxy=http://gatekeeper-w.<my company>.org:80/
https_proxy=http://gatekeeper-w.<my company>.org:80/
HTTP_PROXY=http://gatekeeper-w.<my company>.org:80/
HTTPS_PROXY=http://gatekeeper-w.<my company>.org:80/
EDIT.
I was able to turn on verbose logging in the meteor cli:
$ meteor add twbs:bootstrap
Opening db file /home/techplex/.meteor/package-metadata/v2.0.1/packages.data.db
In remote catalog refresh
Unable to update package catalog (are you offline?)
If you are using Meteor behind a proxy, set HTTP_PROXY and HTTPS_PROXY environment variables or see this page for more details: https://github.com/meteor/meteor/wiki/Using-Meteor-behind-a-proxy
Network error: wss://packages.meteor.com/websocket: CERT_UNTRUSTED
Error: Network error: wss://packages.meteor.com/websocket: CERT_UNTRUSTED
at Object.Future.wait (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/lib/node_modules/fibers/future.js:398:15)
at new ServiceConnection (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/service-connection.js:85:17)
at Object.exports.openServiceConnection (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/auth-client.js:12:10)
at openPackageServerConnection (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:22:21)
at _updateServerPackageData (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:151:14)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:130:12
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:327:18
at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:326:36
at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
at Object.enterJob (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:317:26)
at Object.exports.updateServerPackageData (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:129:23)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog-remote.js:784:36
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:327:18
at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:326:36
at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
at Object.enterJob (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:317:26)
at [object Object]._.extend.refresh (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog-remote.js:783:18)
at Object.catalog.refreshOrWarn (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog.js:48:22)
at [object Object].catalog.Refresh.OnceAtStart.beforeCommand (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog.js:21:16)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/main.js:1359:32
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:327:18
at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:326:36
at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
at Object.enterJob (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:317:26)
at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/main.js:1358:20
- - - - -
at packages/ddp/stream_client_nodejs.js:178:1
at packages/ddp/stream_client_nodejs.js:168:1
at runWithEnvironment (packages/meteor/dynamics_nodejs.js:108:1)
Failed to update package catalog, but will continue.
Local package version is up-to-date: autopublish@1.0.3
Local package version is up-to-date: autoupdate@1.2.1
Local package version is up-to-date: base64@1.0.3
Local package version is up-to-date: binary-heap@1.0.3
Local package version is up-to-date: blaze@2.1.2
Local package version is up-to-date: blaze-tools@1.0.3
Local package version is up-to-date: boilerplate-generator@1.0.3
Local package version is up-to-date: callback-hook@1.0.3
Local package version is up-to-date: check@1.0.5
Local package version is up-to-date: ddp@1.1.0
Local package version is up-to-date: deps@1.0.7
Local package version is up-to-date: ejson@1.0.6
Local package version is up-to-date: fastclick@1.0.3
Local package version is up-to-date: geojson-utils@1.0.3
Local package version is up-to-date: html-tools@1.0.4
Local package version is up-to-date: htmljs@1.0.4
Local package version is up-to-date: http@1.1.0
Local package version is up-to-date: id-map@1.0.3
Local package version is up-to-date: insecure@1.0.3
Local package version is up-to-date: jquery@1.11.3_2
Local package version is up-to-date: json@1.0.3
Local package version is up-to-date: launch-screen@1.0.2
Local package version is up-to-date: livedata@1.0.13
Local package version is up-to-date: logging@1.0.7
Local package version is up-to-date: meteor@1.1.6
Local package version is up-to-date: meteor-platform@1.2.2
Local package version is up-to-date: minifiers@1.1.5
Local package version is up-to-date: minimongo@1.0.8
Local package version is up-to-date: mobile-status-bar@1.0.3
Local package version is up-to-date: mongo@1.1.0
Local package version is up-to-date: observe-sequence@1.0.6
Local package version is up-to-date: ordered-dict@1.0.3
Local package version is up-to-date: random@1.0.3
Local package version is up-to-date: reactive-dict@1.1.0
Local package version is up-to-date: reactive-var@1.0.5
Local package version is up-to-date: reload@1.1.3
Local package version is up-to-date: retry@1.0.3
Local package version is up-to-date: routepolicy@1.0.5
Local package version is up-to-date: session@1.1.0
Local package version is up-to-date: spacebars@1.0.6
Local package version is up-to-date: spacebars-compiler@1.0.6
Local package version is up-to-date: templating@1.1.1
Local package version is up-to-date: tracker@1.0.7
Local package version is up-to-date: ui@1.0.6
Local package version is up-to-date: underscore@1.0.3
Local package version is up-to-date: url@1.0.4
Local package version is up-to-date: webapp@1.2.0
Local package version is up-to-date: webapp-hashing@1.0.3
Downloading missing local versions of package twbs:bootstrap@3.3.4 : [ 'os.linux.x86_64' ]
Doing HTTP request: GET https://warehouse.meteor.com/builds/es6a7rEJcykSMuMXC/1426521397384/JrJdwdpCXA/twbs:bootstrap-3.3.4-os+web.browser+web.cordova.tgz
=> Errors while adding packages:
While downloading twbs:bootstrap@3.3.4...:
error: CERT_UNTRUSTED
Your package catalog may be out of date.
Please connect to the internet and try again.
回答1:
Based on the suggestions of @Michael Mason I was able to develop a patch for Meteor which allows operation behind an SSL Inspection proxy.
The patch adds add support for the CAFILE environemnt variable which works very similarly to how NPM accepts additional Root Certificates.
Simply add export CAFILE=/path/to/root/cert.crt to your .bashrc, and logout and back in.
I hope this helps others.
You can see the full content of the Pull Request here: https://github.com/meteor/meteor/pull/5523
来源:https://stackoverflow.com/questions/31457594/ssl-inspection-errorcert-untrusted-when-adding-meteor-package