- Since npm stopped automatically accepting self-signed certificates, users have started to report errors while trying to publish some packages in certain applications.
- The error can be fixed, usually, by upgrading the package manager or use the known registrars.
- If you want to read more about security certificate errors, take a look at our dedicated certificate errors section.
- Feel free to explore our Troubleshooting Hub for more helpful articles.
For some time now, developers encountered a SELF_SIGNED_CERT_IN_CHAIN error during installing and publishing packages in certain applications and developer tools such as Node.js, npm, or Git.
Until a few years ago, when npm for instance announced that they would no longer support self-signed certificates.
This means that the certificate verification process was no longer automatic. So developers now have to set up their application to see the self-signed certificates.
How do I fix self-signed certificate in the certificate chain?
Depending on the tool you’re using, there are a few recommendations. Some are risky, some are safe. One thing is clear, though: you should not attempt to disable the certification verification process altogether.
You can insert an environment variable to allow untrusted certificates using the following command at the beginning of the code:
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;
This is risky and it’s not recommended to be used in production. Alternatively, use npm config set strict-ssl=false if you have to do this for many applications and you want to save repeating the process.
Users also suggest upgrading your version of Node, to fixes any existing bugs and vulnerabilities.
The recommended solution is, again, to upgrade your version of npm running one of the following:
npm install npm -g --ca=null
npm update npm -g
Or, tell your current version of npm to use known registrars, and after installing, stop using them:
npm config set ca "" npm install npm -g npm config delete ca
Some users mentioned that they only switched the registry URL from https to http:
npm config set registry="http://registry.npmjs.org/"
We hope that one of these suggestions helped you fix the problem. Should you have any recommendations, please use the comments section below.
FAQ: Read more about security certificates
- What is a security certificate?
A security certificate is an approval from an industry-trusted third party – the certificate authority (CA). A security certificate contains information issued by a CA, indicating that the website is secured using an encrypted connection.
- Can I trust a self-signed certificate in Chrome?
Yes, you can. Simply add the website in the list of accepted entries from the Manage Certificates menu.
- Are security certificates frequent?