Cli-microsoft365: Error: Self signed certificate in certificate chain with spo connect

Created on 28 Jun 2018 · 14 Comments · Source: pnp/cli-microsoft365

I took a look at the other issue located https://github.com/pnp/office365-cli/issues/447

I have a similar issue. I'm behind a corporate proxy.
Here is my output with --debug

> o365 spo connect https://tangodp-admin.sharepoint.com --debug
Disconnecting from SPO...
DONE
Authenticating with SharePoint Online at https://tangodp-admin.sharepoint.com...
No existing access token or expired. Token: , ExpiresAt:
Starting Auth.ensureAccessTokenWithDeviceCode. resource: https://tangodp-admin.sharepoint.com, debug: true
No existing refresh token. Starting new device code flow...
Thu, 28 Jun 2018 20:46:41 GMT:76be204b-a071-4fff-932d-ba4957c9e0f1 - Authority: VERBOSE: Performing instance discovery
Thu, 28 Jun 2018 20:46:41 GMT:76be204b-a071-4fff-932d-ba4957c9e0f1 - Authority: VERBOSE: Performing static instance discovery
Thu, 28 Jun 2018 20:46:41 GMT:76be204b-a071-4fff-932d-ba4957c9e0f1 - Authority: VERBOSE: Authority validated via static instance discovery.
Thu, 28 Jun 2018 20:46:41 GMT:76be204b-a071-4fff-932d-ba4957c9e0f1 - DeviceCodeRequest: INFO: Getting user code info.
Response:
undefined
Error:
self signed certificate in certificate chain

All 14 comments

I'm suspecting this is not related to the Office 365 CLI specifically but rather the network/machine setup but I can see if I can find any more information how to deal with it 👍

Could be related with the request native library we use, because it is enforcing strict ssl for the https requests by default. The corporate security proxies sometimes are not recognized as strict ssl ... then we have issues.

@VelinGeorgiev I'm not sure if it's that. A while back we switched to using ADAL JS for auth, so these requests shouldn't be coming through request native. I can check if there is anything similar in ADAL JS.

@devinprejean have you tried to authenticate with user and password? I believe it uses other mechanics for that type of authentication and that might work.

I have also tried with user and password. Fails immediately

@devinprejean could you see if setting the NODE_TLS_REJECT_UNAUTHORIZED=0 environment variable solves the issue and if so, if it would be an acceptable solution for you?

I will try it ASAP.

Thank you @devinprejean!

Ok the suggestion worked. We are still working internally to decide if this is an acceptable risk. I hope to have an answer by next week.

Great! Thanks for checking @devinprejean!

Hey @devinprejean any update or shall we close this issue for now?

Sorry waldek I’ll ask now and let you know today

We can close this for now. We decided to go another route so it seems this wasn’t acceptable for our use case. Thank you!

Thanks for confirming. Mind sharing what you decided to do eventually? It might help others (unless you decided not to use the CLI altogether)
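Added example, not part of the thread and not cli-microsoft365 code: a small Node.js check that classifies how a process will validate TLS peers from its environment, contrasting `NODE_TLS_REJECT_UNAUTHORIZED=0` with Node's `NODE_EXTRA_CA_CERTS` variable, which adds a CA file (for example a corporate proxy's root) while leaving verification on. The function name, the result labels and the sample PEM are assumptions made for illustration; the thread does not say which route was finally chosen.

```javascript
// Added example: classify the TLS trust posture of a Node.js process.
// tlsTrustPosture and its result labels are hypothetical names.
const fs = require('fs');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

function tlsTrustPosture(env = process.env, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  // '0' makes every HTTPS request in the process ignore certificate
  // verification failures, so any on-path certificate is accepted.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    return { level: 'unsafe', reason: 'certificate verification disabled' };
  }
  const extra = env.NODE_EXTRA_CA_CERTS;
  if (!extra) {
    // A TLS-inspecting proxy signed by a private CA fails here with
    // "self signed certificate in certificate chain".
    return { level: 'default', reason: 'bundled roots only' };
  }
  let pem;
  try {
    pem = readFile(extra);
  } catch (err) {
    // Node only emits a warning for a missing file and keeps the default roots.
    return { level: 'default', reason: `cannot read ${extra}: ${err.message}` };
  }
  const count = (pem.match(PEM_CERT) || []).length;
  if (count === 0) {
    return { level: 'default', reason: `${extra} contains no PEM certificates` };
  }
  return { level: 'scoped', reason: `${count} extra CA certificate(s), verification still on` };
}

// Constructed sample: marker lines only, not a real certificate.
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n';

console.log(tlsTrustPosture());
```

`NODE_EXTRA_CA_CERTS` is read once when the Node.js process starts, so it has to be set in the shell before the CLI is launched rather than assigned to `process.env` at runtime.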
