Certificate error while fetching npm packages

#1

Circle CI is throwing below error while fetching npm packages from proget server:

npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! errno UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! request to https://our-server/npm/Mosaic/@scope/component failed, reason: unable to verify the first certificate

Any suggestions?

#2

Running below command worked:

npm config set strict-ssl false

#3

Hmm, that does mean that, in theory, your DNS could be redirected in a MitM attack, and malicious packages could be loaded by NPM. I agree that’s unlikely, but in general, if the dependency server has real TLS certs, it is best to try to verify them properly (and to find out why they won’t verify if there is an error).

#4

I agree this is not a safe way to do.

We have proxy servers and fire walls in between hence chain of certificates.

Right way of doing would be to add a cert so that npm has right certificate in circle ci and can communicate safely.

1 Like
closed #5

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.