node.js 接收错误:'错误:SSL 错误:SELF_SIGNED_CERT_IN_CHAIN' 使用 npm 时
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9626990/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
receiving error: 'Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN' while using npm
提问by ali haider
I am using npm v1.0.104/node 0.6.12 on ubuntu - I am receiving the error copied below while attempting to install any new modules via npm (I tested socket.io earlier using http, not https though & am wondering if that could have resulted in the issue with npm/unsigned certs). The error pops up once npm tries to resolve the 'https://registry.npmjs.org' URL. Is there anyway I can ignore the error or perhaps locate/add the cert to a trusted store in order to continue using npm.
我在 ubuntu 上使用 npm v1.0.104/node 0.6.12 - 我在尝试通过 npm 安装任何新模块时收到下面复制的错误(我之前使用 http 测试了 socket.io,但不是 https,我想知道这是否可以导致了 npm/未签名证书的问题)。一旦 npm 尝试解析“ https://registry.npmjs.org” URL ,就会弹出错误。无论如何我可以忽略该错误,或者将证书定位/添加到受信任的商店以便继续使用 npm。
Any insight on what needs to be done to resolve the issue will be appreciated (I would prefer to resolve the issue through configuration as opposed to re-installing if possible).
任何有关需要做什么来解决问题的见解将不胜感激(如果可能,我更愿意通过配置解决问题,而不是重新安装)。
Error: "Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN"
错误:“错误:SSL 错误:SELF_SIGNED_CERT_IN_CHAIN”
Full Message:
完整信息:
npm ERR! Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN
npm ERR! at ClientRequest.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/main.js:252:28)
npm ERR! at ClientRequest.emit (events.js:67:17)
npm ERR! at HTTPParser.onIncoming (http.js:1261:11)
npm ERR! at HTTPParser.onHeadersComplete (http.js:102:31)
npm ERR! at CleartextStream.ondata (http.js:1150:24)
npm ERR! at CleartextStream._push (tls.js:375:27)
npm ERR! at SecurePair.cycle (tls.js:734:20)
npm ERR! at EncryptedStream.write (tls.js:130:13)
npm ERR! at Socket.ondata (stream.js:38:26)
npm ERR! at Socket.emit (events.js:67:17)
npm ERR! Report this *entire* log at:
npm ERR! <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR! <[email protected]>
npm ERR!
npm ERR! System Linux 2.6.38-13-generic
npm ERR! command "node" "/usr/bin/npm" "install" "jed"
npm ERR! node -v v0.6.12
npm ERR! npm -v 1.0.104
回答by ali haider
Running the following helped resolve the issue:
运行以下有助于解决问题:
npm config set strict-ssl false
I cannot comment on whether it will cause any other issues at this point in time. Hope it helps.
目前我无法评论它是否会导致任何其他问题。希望能帮助到你。
回答by Kevin Reilly
As of February 27, 2014, npm no longer supports its self-signed certificates.The following options, as recommended by npm, is to do one of the following:
截至 2014 年 2 月 27 日,npm 不再支持其自签名证书。npm 推荐的以下选项是执行以下操作之一:
Upgrade your version of npm
升级你的 npm 版本
npm install npm -g --ca=""
-- OR --
- 或者 -
Tell your current version of npm to use known registrars
告诉您当前版本的 npm 使用已知的注册商
npm config set ca ""
Update:npm has posted More help with SELF_SIGNED_CERT_IN_CHAIN and npmwith more solutions particular to different environments
更新:npm 发布了更多关于 SELF_SIGNED_CERT_IN_CHAIN 和 npm 的帮助,提供了更多针对不同环境的解决方案
您可能需要也可能不需要添加
sudosudo到建议中。
Other options
其他选项
It seems that people are having issues using npm's recommendations, so here are some other potential solutions.
似乎人们在使用 npm 的建议时遇到了问题,所以这里有一些其他潜在的解决方案。
Upgrade Node itself
Receiving this error may suggest you have an older version of node, which naturally comes with an older version of npm. One solution is to upgrade your version of Node. This is likely the best option as it brings you up to date and fixes existing bugs and vulnerabilities.
升级节点本身
收到此错误可能表明您使用的是旧版本的节点,这自然带有旧版本的 npm。一种解决方案是升级您的 Node.js 版本。这可能是最好的选择,因为它可以让您了解最新信息并修复现有的错误和漏洞。
The process here depends on how you've installed Node, your operating system, and otherwise.
此处的过程取决于您安装 Node 的方式、操作系统等。
Update npm
Being that you probably got here while trying to installa package, it is possible that npm install npm -gmight fail with the same error. If this is the case, use updateinstead. As suggested by Nisanth Sojan:
更新 npm
由于您可能在尝试install包时到达这里,因此npm install npm -g可能会因相同的错误而失败。如果是这种情况,请update改用。正如 Nisanth Sojan 所建议的:
npm update npm -g
Update npm alternative
One way around the underlying issue is to use known registrars, install, and then stop using known registrars. As suggested by jnylen:
更新 npm 替代方案
解决潜在问题的一种方法是使用已知的注册商,安装,然后停止使用已知的注册商。正如 jnylen 所建议的:
npm config set ca ""
npm install npm -g
npm config delete ca
回答by Hermann
For now I just switched registry URL from https to http. Like this:
现在我只是将注册表 URL 从 https 切换到 http。像这样:
npm config set registry="http://registry.npmjs.org/"
回答by Robin
npm config set strict-ssl false -g
To save it globally
全局保存
回答by We Are All Monica
You need to upgrade npm.
你需要升级 npm。
// Do this first, or the upgrade will fail
npm config set ca ""
npm install npm -g
// Undo the previous config change
npm config delete ca
You may need to prefix those commands with sudo.
您可能需要在这些命令前加上sudo.
Source: http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more
来源:http: //blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more
回答by kenorb
The error SELF_SIGNED_CERT_IN_CHAINmeans that you have self signed certificate in certificate chain which is basically not trusted by the system.
该错误SELF_SIGNED_CERT_IN_CHAIN意味着您在证书链中拥有自签名证书,该证书基本上不受系统信任。
If that happens, basically something fishy is going on, therefore as people already commented, it is not recommended to just disable certificate checks, but better approach is to understand what is the problem and fix the cause of it.
如果发生这种情况,基本上会发生一些可疑的事情,因此正如人们已经评论过的那样,不建议仅禁用证书检查,但更好的方法是了解问题所在并解决问题的原因。
This maybe related either to:
这可能与:
custom repository address which doesn't have the right certificate,
a corporate network with transparent proxy.
If you're behind a corporate web proxy, you should set-up the proper
HTTP_PROXY/HTTPS_PROXYenvironment variables or set them vianpm:npm config set proxy http://proxy.company.com:8080 npm config set https-proxy http://proxy.company.com:8080See: How to setup Node.js and Npm behind a corporate web proxy
没有正确证书的自定义存储库地址,
具有透明代理的企业网络。
如果您使用的是企业 Web 代理,则应设置正确的
HTTP_PROXY/HTTPS_PROXY环境变量或通过npm以下方式设置它们:npm config set proxy http://proxy.company.com:8080 npm config set https-proxy http://proxy.company.com:8080
If you trust the host, you can export the self-signed certificate from the chain and import them into system, so they're marked as trusted.
如果你信任主机,你可以从链中导出自签名证书并将它们导入系统,因此它们被标记为受信任。
This can be achieved by checking the certificates by (change example.cominto npm repo which is failing based on the npm-debug.log):
这可以通过检查证书来实现(更改example.com为基于 失败的 npm repo npm-debug.log):
openssl s_client -showcerts -connect example.com:443 < /dev/null
then save the certificate content (between BEGINand END) into .crtfile in order to import it.
然后将证书内容(在BEGIN和之间END)保存到.crt文件中以便导入。
Linux
Linux
As per suggestion, you can add exported certificate into /etc/environmentfile (Node 7.4+), like:
根据建议,您可以将导出的证书添加到/etc/environment文件(Node 7.4+)中,例如:
NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/source/anchors/yourCer??ts.pem
CentOS
CentOS
On CentOS 5 this can be appended into /etc/pki/tls/certs/ca-bundle.crtfile, e.g.
在 CentOS 5 上,这可以附加到/etc/pki/tls/certs/ca-bundle.crt文件中,例如
ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect example.com:443) -scq | sudo tee -a /etc/pki/tls/certs/ca-bundle.crt
sudo update-ca-trust force-enable
sudo update-ca-trust extract
npm install
Note: To export only first certificate, remove gat the beginning.
注意:要仅导出第一个证书,请g在开头删除。
In CentOS 6, the certificate file can be copied to /etc/pki/ca-trust/source/anchors/.
在 CentOS 6 中,可以将证书文件复制到/etc/pki/ca-trust/source/anchors/.
Ubuntu/Debian
Ubuntu/Debian
In Ubuntu/Debian, copy CRT file into /usr/local/share/ca-certificates/then run:
在 Ubuntu/Debian 中,将 CRT 文件复制到/usr/local/share/ca-certificates/然后运行:
sudo update-ca-certificates
macOS
苹果系统
In macOS you can run:
在 macOS 中,您可以运行:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/foo.crt
Windows
视窗
In Windows: certutil -addstore -f "ROOT" new-root-certificate.crt
在 Windows 中: certutil -addstore -f "ROOT" new-root-certificate.crt
See also: npm - Troubleshooting - SSL Error
另请参阅:npm - 故障排除 - SSL 错误
回答by Adam Lane
Putting this before the command seems to work NODE_TLS_REJECT_UNAUTHORIZED=0.
ex: NODE_TLS_REJECT_UNAUTHORIZED=0 npm ...
把它放在命令之前似乎有效NODE_TLS_REJECT_UNAUTHORIZED=0。前任:NODE_TLS_REJECT_UNAUTHORIZED=0 npm ...
It would be best to figure out how to make node see self signed certificate as valid. strict-ssl suggestion above didn't work for me for some reason. If you understand the security implications and need a temporary quick fix, this is what I found in some random github issuesduring Google search of the error.
最好弄清楚如何让节点将自签名证书视为有效。由于某种原因,上面的严格 ssl 建议对我不起作用。如果您了解安全隐患并需要临时快速修复,这就是我在 Google 搜索错误期间在一些随机 github 问题中发现的内容。
回答by Redsandro
The repository no longer supports self-signed certificates. You need to upgrade npm.
存储库不再支持自签名证书。你需要升级npm。
// Disable the certificate temporarily in order to do the upgrade
npm config set ca ""
// Upgrade npm. -g (global) means you need root permissions; be root
// or prepend `sudo`
sudo npm install npm -g
// Undo the previous config change
npm config delete ca
// For Ubuntu/Debian-sid/Mint, node package is renamed to nodejs which
// npm cannot find. Fix this:
sudo ln -s /usr/bin/nodejs /usr/bin/node
You need to open a new terminal session in order to use the updated npm.
您需要打开一个新的终端会话才能使用更新的npm.
Source:This was originally an edit on jnylen's answer. Although the guidelines say "We welcome all constructive edits, but please make them substantial,"the edit was rejected due to "This edit changes too much in the original post; the original meaning or intent of the post would be lost."I guess the community prefers a separate answer.
来源:这最初是对jnylen答案的编辑。尽管指导方针说“我们欢迎所有建设性的编辑,但请使它们充实”,但由于“此编辑对原始帖子的更改过多,会丢失帖子的原始含义或意图”,因此该编辑被拒绝。我想社区更喜欢单独的答案。
回答by Patrick
For those who on a macwith the same issue and installed npm via homebrew:
对于那些在mac上遇到相同问题并通过homebrew安装 npm 的人:
brew uninstall npm
then
然后
brew install npm
Works for me on osx (10.9.1)
在 osx (10.9.1) 上对我有用
EDIT: You may need to brew updatebefore installing npm. You can also do a brew upgradeafter updating homebrew. Also it might be helpful to run brew doctorif you run into any other issues.
编辑:您可能需要brew update在安装 npm 之前。您也可以brew upgrade在更新自制软件后执行。brew doctor如果您遇到任何其他问题,运行也可能会有所帮助。
回答by Igor Parra
Quick and clean solution (linux tested) (After fatidic February 27, 2014)
快速干净的解决方案(经过 linux 测试)(2014 年 2 月 27 日之后)
Uninstall npm
卸载 npm
npm rm npm -g
Install npm(new URL is www.npmjs.orginstead npmjs.org)
安装 npm(新 URL 是www.npmjs.org而不是npmjs.org)
curl https://www.npmjs.org/install.sh | sh
Tip: how to install node.js in linux https://stackoverflow.com/a/22099363/333061
提示:如何在 linux 中安装 node.js https://stackoverflow.com/a/22099363/333061
