And if you do not want to rely on node.js built-in list, and rather use your debian/ubuntu's list :

var CAs = fs.readFileSync('/etc/ssl/certs/ca-certificates.crt').toString().split(/(?=-----BEGIN CERTIFICATE-----)/);

// then when you make requests...
https.request({ ..., ca: CAs}, ...);

You can also add a path to your certificates in PEM file format using the NODE_EXTRA_CA_CERTS environment variable starting with node v7.3.0

https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file

This has the benefit of not requiring any code changes, just change the environment of your node process. Hope this helps!

Edit:

Also check out --use-openssl-ca https://nodejs.org/api/cli.html#cli_use_openssl_ca_use_bundled_ca

That's what I ended up using to solve my problem. I copied my .crt files to /usr/local/share/ca-certificates then ran sudo update-ca-certificates and then run node with --use-openssl-ca and now node finds my certificates properly.

This is because node does not use your system's CA configuration; it includes its own built-in list of acceptable CAs.

If you want a node SSL client to accept a custom CA, you have to pass the CA's certificate in the ca option.

// do something like this when your app starts up:
fs.readFile('/path/to/ca.pem', function(err, cert) {
    if (err) ...
    else certBuffer = cert;
});

// then when you make requests...
https.request({
    hostname: 'example.com',
    port: 443,
    path: '/',
    method: 'GET',
    ca: certBuffer
}, ...);