Nvm-windows: Certificate signed by unknown authority
I'm receiving the following error:
> nvm install latest
Could not retrieve https://nodejs.org/dist/latest/SHASUMS256.txt.
Get https://nodejs.org/dist/latest/SHASUMS256.txt: x509: certificate signed by unknown authority
I'm behind a proxy server which may be responsible for the certificate error; is there a flag or config option to ignore certificate trust issues?
If not, could one please be added?
ghost
All 12 comments
I'm guessing it's your proxy. The SSL certificate on nodejs.org is from Comodo, a generally recognized CA, but it is a wildcard certificate. It's unusual to block something from a generally trusted CA, but I suppose it could happen.
Are you able to try this outside of your proxy?
coreybutler
on 22 Feb 2017
That's the certificate I see but it's not trusted on my machine. Is there no way to disable certificate validation? I'd like to use nvm for automated CI builds and it's not feasible to fix this for every machine that may run it.
I'm not very concerned by the possibility of MITM attacks.
ghost
on 22 Feb 2017
At present moment, there is no way to disable the certificate validation. However; I've already mocked up a potential way to bypass this with a CLI flag. I still need to test it, but if I have enough time this afternoon, I'll build a new release.
coreybutler
on 22 Feb 2017
OK, this was a pretty straightforward fix. I managed to find time to run the build, so there is now a --insecure flag you can set when installing node that should skip the SSL validation check.
New release: v1.1.2
coreybutler
on 22 Feb 2017
Fixed and released in the same day I opened the issue? I'm beyond impressed.
ghost
on 22 Feb 2017
I got a little slap-happy and uploaded an incorrect installer. It's fixed, but if you unsuccessfully tried installing the new version before this comment, you may have encountered issues that are now fixed.
coreybutler
on 22 Feb 2017
The new flag works great, but I was able to resolve my underlying issue by installing the Comodo intermediate certificate from https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/929/75/intermediate-comodo-high-assurance-secure-server-ca
ghost
on 3 Mar 2017
how to solve error ? please share your ans..
psiddharth709
on 24 Sep 2017
@psiddharth709 - this is a different issue... it looks like a problem with your network. If it is the same issue noted above, just run nvm install latest --insecure.
coreybutler
on 25 Sep 2017
nvm install latest --insecure
i run this command .
before image error show..
psiddharth709
on 25 Sep 2017
Could not retrieve https://nodejs.org/dist/latest/SHASUMS256.txt.
Get https://nodejs.org/dist/latest/SHASUMS256.txt: dial tcp 104.20.22.46:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions.
How to get around this error?
enihar
on 9 Jan 2018
You may have to set http/https-proxy before:
npm config set proxy http://---myproxy---:PORT
npm config set https-proxy http(s)://---myproxy---:PORT
webia1
on 11 Sep 2019
Related issues
hsali
路
4Comments
flpms
路
4Comments
tomByrer
路
4Comments
leiamac
路
4Comments
petrovicz
路
4Comments
Most helpful comment
OK, this was a pretty straightforward fix. I managed to find time to run the build, so there is now a
--insecureflag you can set when installing node that should skip the SSL validation check.New release: v1.1.2