Hello, I get
UNABLE_TO_GET_ISSUER_CERT_LOCALLY because my CAFile is set to my MITM certificate pem. But Currently I’m not hijacking the traffic to my machine, and the real npm cert is failing.
How can I get npm to use my CA in addition to the normal CA store of keys? I don’t want to trust any cert with strict-ssl=false and I don’t want to remove all security using the http://registry.
I guess I could manually append the real registry to my cafile pem but I don’t want to have to maintain that key.
Ideally even set something like cafile=system and use the root certificate store I’ve already configured for the organization.
edit: to add to that, I did append the digicert Intermediate CA as a pem to my existing CA pem and now I get the error:
UNABLE_TO_GET_ISSUER_CERT instead. I didn’t included the whole pem chain. So My custom.pem contains my root,lets encrypt Intermediate CA 1, Intermediate CA 2 and the root. Not thrilled about now having to maintain npms root cert choices too.