Can NPM cafile add to trust store not replace it?

Hello, I get UNABLE_TO_GET_ISSUER_CERT_LOCALLY because my CAFile is set to my MITM certificate pem. But Currently I’m not hijacking the traffic to my machine, and the real npm cert is failing.

How can I get npm to use my CA in addition to the normal CA store of keys? I don’t want to trust any cert with strict-ssl=false and I don’t want to remove all security using the http://registry.

I guess I could manually append the real registry to my cafile pem but I don’t want to have to maintain that key.

Ideally even set something like cafile=system and use the root certificate store I’ve already configured for the organization.

edit: to add to that, I did append the digicert Intermediate CA as a pem to my existing CA pem and now I get the error: UNABLE_TO_GET_ISSUER_CERT instead. I didn’t included the whole pem chain. So My custom.pem contains my root,lets encrypt Intermediate CA 1, Intermediate CA 2 and the root. Not thrilled about now having to maintain npms root cert choices too.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.