可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I am using npm v1.0.104/node 0.6.12 on ubuntu - I am receiving the error copied below while attempting to install any new modules via npm (I tested socket.io earlier using http, not https though & am wondering if that could have resulted in the issue with npm/unsigned certs). The error pops up once npm tries to resolve the 'https://registry.npmjs.org' URL. Is there anyway I can ignore the error or perhaps locate/add the cert to a trusted store in order to continue using npm.
Any insight on what needs to be done to resolve the issue will be appreciated (I would prefer to resolve the issue through configuration as opposed to re-installing if possible).
Error: "Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN"
Full Message:
npm ERR! Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN
npm ERR! at ClientRequest.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/main.js:252:28)
npm ERR! at ClientRequest.emit (events.js:67:17)
npm ERR! at HTTPParser.onIncoming (http.js:1261:11)
npm ERR! at HTTPParser.onHeadersComplete (http.js:102:31)
npm ERR! at CleartextStream.ondata (http.js:1150:24)
npm ERR! at CleartextStream._push (tls.js:375:27)
npm ERR! at SecurePair.cycle (tls.js:734:20)
npm ERR! at EncryptedStream.write (tls.js:130:13)
npm ERR! at Socket.ondata (stream.js:38:26)
npm ERR! at Socket.emit (events.js:67:17)
npm ERR! Report this *entire* log at:
npm ERR! <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR! <npm-@googlegroups.com>
npm ERR!
npm ERR! System Linux 2.6.38-13-generic
npm ERR! command "node" "/usr/bin/npm" "install" "jed"
npm ERR! node -v v0.6.12
npm ERR! npm -v 1.0.104
回答1:
Running the following helped resolve the issue:
npm config set strict-ssl false
I cannot comment on whether it will cause any other issues at this point in time. Hope it helps.
回答2:
As of February 27, 2014, npm no longer supports its self-signed certificates. The following options, as recommended by npm, is to do one of the following:
Upgrade your version of npm
npm install npm -g --ca=""
-- OR --
Tell your current version of npm to use known registrars
npm config set ca ""
Update: npm has posted More help with SELF_SIGNED_CERT_IN_CHAIN and npm with more solutions particular to different environments
You may or may not need to prepend
sudo
to the recommendations.
Other options
It seems that people are having issues using npm's recommendations, so here are some other potential solutions.
Upgrade Node itself
Receiving this error may suggest you have an older version of node, which naturally comes with an older version of npm. One solution is to upgrade your version of Node. This is likely the best option as it brings you up to date and fixes existing bugs and vulnerabilities.
The process here depends on how you've installed Node, your operating system, and otherwise.
Update npm
Being that you probably got here while trying to install
a package, it is possible that npm install npm -g
might fail with the same error. If this is the case, use update
instead. As suggested by Nisanth Sojan:
npm update npm -g
Update npm alternative
One way around the underlying issue is to use known registrars, install, and then stop using known registrars. As suggested by jnylen:
npm config set ca ""
npm install npm -g
npm config delete ca
回答3:
For now I just switched registry URL from https to http. Like this:
npm config set registry="http://registry.npmjs.org/"
回答4:
npm config set strict-ssl false -g
To save it globally
回答5:
You need to upgrade npm.
// Do this first, or the upgrade will fail
npm config set ca ""
npm install npm -g
// Undo the previous config change
npm config delete ca
You may need to prefix those commands with sudo
.
Source: http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more
回答6:
The error SELF_SIGNED_CERT_IN_CHAIN
means that you have self signed certificate in certificate chain which is basically not trusted by the system.
If that happens, basically something fishy is going on, therefore as people already commented, it is not recommended to just disable certificate checks, but better approach is to understand what is the problem and fix the cause of it.
This maybe related either to:
custom repository address which doesn't have the right certificate,
a corporate network with transparent proxy.
If you're behind a corporate web proxy, you should set-up the proper HTTP_PROXY
/HTTPS_PROXY
environment variables or set them via npm
:
npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080
See: How to setup Node.js and Npm behind a corporate web proxy
If you trust the host, you can export the self-signed certificate from the chain and import them into system, so they're marked as trusted.
This can be achieved by checking the certificates by (change example.com
into npm repo which is failing based on the npm-debug.log
):
openssl s_client -showcerts -connect example.com:443 < /dev/null
then save the certificate content (between BEGIN
and END
) into .crt
file in order to import it.
Linux
As per suggestion, you can add exported certificate into /etc/environment
file (Node 7.4+), like:
NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/source/anchors/yourCerts.pem
CentOS
On CentOS 5 this can be appended into /etc/pki/tls/certs/ca-bundle.crt
file, e.g.
ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect example.com:443) -scq | sudo tee -a /etc/pki/tls/certs/ca-bundle.crt
sudo update-ca-trust force-enable
sudo update-ca-trust extract
npm install
Note: To export only first certificate, remove g
at the beginning.
In CentOS 6, the certificate file can be copied to /etc/pki/ca-trust/source/anchors/
.
Ubuntu/Debian
In Ubuntu/Debian, copy CRT file into /usr/local/share/ca-certificates/
then run:
sudo update-ca-certificates
macOS
In macOS you can run:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/foo.crt
Windows
In Windows: certutil -addstore -f "ROOT" new-root-certificate.crt
See also: npm - Troubleshooting - SSL Error
回答7:
Putting this before the command seems to work NODE_TLS_REJECT_UNAUTHORIZED=0
.
ex: NODE_TLS_REJECT_UNAUTHORIZED=0 npm ...
It would be best to figure out how to make node see self signed certificate as valid. strict-ssl suggestion above didn't work for me for some reason. If you understand the security implications and need a temporary quick fix, this is what I found in some random github issues during Google search of the error.
回答8:
The repository no longer supports self-signed certificates. You need to upgrade npm
.
// Disable the certificate temporarily in order to do the upgrade
npm config set ca ""
// Upgrade npm. -g (global) means you need root permissions; be root
// or prepend `sudo`
sudo npm install npm -g
// Undo the previous config change
npm config delete ca
// For Ubuntu/Debian-sid/Mint, node package is renamed to nodejs which
// npm cannot find. Fix this:
sudo ln -s /usr/bin/nodejs /usr/bin/node
You need to open a new terminal session in order to use the updated npm
.
Source: This was originally an edit on jnylen's answer. Although the guidelines say "We welcome all constructive edits, but please make them substantial," the edit was rejected due to "This edit changes too much in the original post; the original meaning or intent of the post would be lost." I guess the community prefers a separate answer.
回答9:
For those who on a mac with the same issue and installed npm via homebrew:
brew uninstall npm
then
brew install npm
Works for me on osx (10.9.1)
EDIT: You may need to brew update
before installing npm. You can also do a brew upgrade
after updating homebrew. Also it might be helpful to run brew doctor
if you run into any other issues.
回答10:
Quick and clean solution (linux tested) (After fatidic February 27, 2014)
Uninstall npm
npm rm npm -g
Install npm (new URL is www.npmjs.org instead npmjs.org)
curl https://www.npmjs.org/install.sh | sh
Tip: how to install node.js in linux https://stackoverflow.com/a/22099363/333061
回答11:
Uninstall NPM and install it again.
As of February 27, 2014 npm no longer supports its self-signed certificates.
http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more
The link above suggests upgrading NPM using NPM. This also fails with SELF_SIGNED_CERT_IN_CHAIN...
回答12:
Turning off SSL seems like a profoundly bad idea. npm's blog explains that they no longer support their self-signed cert. They suggest upgrading npm via npm install npm -g
, but I of course got the same SELF_SIGNED_CERT_IN_CHAIN error. So I just updated node, which updated npm along with it. Exact procedure depends on how you installed node in the first place.