Skip to main content Link Menu Expand (external link) Document Search Copy Copied
unable to get local issuer certificate

Node.js

Published on 2023-03-22

Table of contents

  1. What is it?
  2. Issue sample
  3. All platforms
    1. Windows
    2. Linux / macOS
  4. Using openSSL certificates

What is it?

Node.js is an open-source, cross-platform JavaScript runtime environment.

Official Documentation

You can always check the general troubleshooting guide before continuing.

Issue sample

The error might look like this when using Node.js:

...
fatal: unable to access <URL>: SSL certificate problem: unable to get local issuer certificate
...

All platforms

Node.js comes with its own store of trustworthy CA certificates, that are updated with each update of Node.js. This certificates are not stored in a certificate file but rather is hard-coded into the Node.js source code as you can see here.

The certificate store that comes with the Node.js installation can only be extended by creating a central file that contains additional certificates in pem - Base64 format. Node.js supports an environment variable NODE_EXTRA_CA_CERTS that points to the aforementioned central file.

You can use the environment variable using the following command(s):

Windows

For the current shell session:

set NODE_EXTRA_CA_CERTS=<path\\to\\pem\\file>

Or for all following shell sessions:

setx NODE_EXTRA_CA_CERTS <path\\to\\pem\\file>

Or in PowerShell:

$env:NODE_EXTRA_CA_CERTS="</path/to/pem/file>"

Use (\\) as path separator when using Windows cmd/DOS and (`\ or /) as path separator in PowerShell.

Linux / macOS 

export NODE_EXTRA_CA_CERTS=</path/to/pem/file>

The path to the pem file can be absolute or relative.

The documentation for the environment variable can be found here.

Using openSSL certificates

When you have openSSL installed, you can start every Node.js process with the command-line argument --use-openssl-ca to prevent double configuration. Sometimes you can not define the command-line arguments for the process. In those cases you can add the argument to an environment variable with the name NODE_OPTIONS.

The documentation for the argument can be found here.

When the command-line argument is used, Node.js respects the openSSL environment variables SSL_CERT_DIR or SSL_CERT_FILE. This prevents parallel configuration.