Yarn: Self signed certificate in certificate chain error

Created on 13 Oct 2016  路  22Comments  路  Source: yarnpkg/yarn

Hey,

I'm trying to move from npm to yarn. I've installed yarn and set up the following config variables : http-proxy , https-proxy and strict-ssl : false.

When I try to yarn, at step [1/4] Resolving packages I get the following error :

error self signed certificate in certificate chain
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1057:38)
    at emitNone (events.js:67:13)
    at TLSSocket.emit (events.js:166:7)
    at TLSSocket._finishInit (_tls_wrap.js:596:8)

As far as I know websockets don't work behind my corporate proxy. Any workarounds ?

cat-bug

Most helpful comment

For me calling yarn config set "strict-ssl" false from the CLI updated strict-ssl to a string value in the JSON file, not a boolean. If you open up your .yarnrc (located in \Users\ in Windows) and update to the following, it works.

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
strict-ssl false

All 22 comments

Looks the same as #841 ssl settings (like CA or strict ssl) don't work yet 馃槩

@vbfox Thanks! Will follow that post.

We've merged support for cafile and strict-ssl so this issue should be resolved.

@kittens in which version it is or will be released?

working now in yarn v0.16.0

I still get this error with 0.16.1

Same here. I tried just the cafile option, then added the strict-ssl option and I'm still getting the following from yarn-error.log:

 C:\Program Files\nodejs\node.exe C:\Users\Me\AppData\Roaming\npm\node_modules\yarn\bin\yarn.js add vue

PATH: ....

Yarn version:
  0.16.1

Node version:
  6.1.0

Platform:
  win32 x64

npm manifest:
  {
    "name": "...",
    "version": "1.0.0",
    "description": "...",
    "main": "index.html",
    "author": "Nick Klauer ...",
    "license": "MIT"
  }

yarn manifest:
  No manifest

bower manifest:
  No manifest

Lockfile:
  No lockfile

Trace:
  Error: self signed certificate in certificate chain
      at Error (native)
      at TLSSocket.<anonymous> (_tls_wrap.js:1055:38)
      at emitNone (events.js:86:13)
      at TLSSocket.emit (events.js:185:7)
      at TLSSocket._finishInit (_tls_wrap.js:580:8)
      at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:412:38)

Looks like it works when I specify the config in .yarnrc but not from command line

For me calling yarn config set "strict-ssl" false from the CLI updated strict-ssl to a string value in the JSON file, not a boolean. If you open up your .yarnrc (located in \Users\ in Windows) and update to the following, it works.

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
strict-ssl false

I also found that if I duplicated the strict-ssl and other config from .npmrc into .yarnrc then things started working (or use yarn config set to add each part). I'm not sure why it didn't pick it up from .npmrc.

not working anymore in 0.23.3

same with v0.27.5 aswell

error An unexpected error occurred: "https://registry.npmjs.org/babel-polyfill: self signed certificate in certificate chain". info If you think this is a bug, please open a bug report with the information provided in "/Users/****/yarn-error.log". info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

I had this same type of error. Doing yarn config set "strict-ssl" false resolved the issue for me. Thanks @cgatian

I can't find .yarnrc file in C:/Users. Pls let know how can I create it.
@cgatian @danielmhair

@monicapeddi021 I never created the file myself. I simply went to the command line and ran yarn config set "strict-ssl" false

@danielhusar I just tried yarn config set "strict-ssl" false, but it didn't work:

$ yarn --version
1.3.2
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


registry "https://nexus.our-private.zone/repository/private-repo/"
lastUpdateCheck 1519057517516
strict-ssl false

I had the same problem on windows 10.

open windows powerShell and enter the following command:

`npm config set registry http://registry.npmjs.org/`

Then you can use:

npm install [your package]

I had this same type of error. Doing yarn config set "strict-ssl" false resolved the issue for me. Thanks @cgatian

Yes, I have the same error when running yarn install. That commend works for me too. :)

Recommending to set strict-ssl to false is like leaving home with doors and windows open, and say come in and take all you want ;)

Please don't work around issues, and instead fix them properly.

So enable ssl strict:

yarn config set strict-ssl true

And then tell yarn where to find the certificate file:

yarn config set cafile /path/to/certificate/file

Works great if you have the certificate. How do you fix without?

Works great if you have the certificate. How do you fix without?

When you get this error is because your computer is not able to communicate directly with the url being requested, maybe because your are behind a corporate firewall or proxy that uses a custom self signed certificate, therefore in either cases you need to ask the administrator of your network to provide you the certificate.

@cgatian Typically you have access to the certificate (you simply don鈥檛 know how to download it). Most registry software support TLS.

Was this page helpful?
0 / 5 - 0 ratings