npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Can NPM cafile add to trust store not replace it?

Hello, I get UNABLE_TO_GET_ISSUER_CERT_LOCALLY because my CAFile is set to my MITM certificate pem. But Currently I’m not hijacking the traffic to my machine, and the real npm cert is failing.

How can I get npm to use my CA in addition to the normal CA store of keys? I don’t want to trust any cert with strict-ssl=false and I don’t want to remove all security using the http://registry.

I guess I could manually append the real registry to my cafile pem but I don’t want to have to maintain that key.

Ideally even set something like cafile=system and use the root certificate store I’ve already configured for the organization.

edit: to add to that, I did append the digicert Intermediate CA as a pem to my existing CA pem and now I get the error: UNABLE_TO_GET_ISSUER_CERT instead. I didn’t included the whole pem chain. So My custom.pem contains my root,lets encrypt Intermediate CA 1, Intermediate CA 2 and the root. Not thrilled about now having to maintain npms root cert choices too.