Trust the system root CA certificates

(Franklin Yu) #1

For most operating system there is a system trust store to keep the root CA certificates. In Linux that is managed by OpenSSL; in macOS it’s Keychain; in Windows it’s the system trust store managed by CertMgr. In many corporation, the system trust stores of computers are managed by Group Policy or some similar product. This way new root certificate can be deployed by administrator centrally. Currently if I want NPM to trust internal Git source with HTTPS protocol, I need the cafile option, and I need to duplicate the eitire trust store because this option overrides default trust store. It would be awesome if NPM automatically trust the root CA certificates in system trust store.

I found a related topic in support forum, so I think this is a common use-case.

0 Likes

(Jack) #2

There will be loads of organisations and schools that don’t have the technical support to bother getting npm working because of this you’re holding node back. This is a proper first 5 seconds of use beginners intro problem.

I have been fighting proxy and tls issues for years. Make this work better.

0 Likes