(1 votes, average: 5.00 out of 5)
Have you ever encountered the unable_to_get_issuer_cert_locally error in Node.js? If yes, then you must know that it’s not a simple error that we can overlook, as if we do that, it will give rise to several other issues that you won’t be able to manage.
Because of this, it becomes essential to fix the unable_to_get_issuer_cert_locally node js error at the earliest, and if you need to be more knowledgeable about resolving it, don’t fret. In this article, we will clarify what’s causing this error and provide easy-to-follow steps to fix it.
The Nodejs unable_to_get_issuer_cert_locally error generally emerges when an SSL certificate cannot be verified or confirmed due to the absence or lack of the issuer’s certificate in the local trust store.
Whenever Node.js commences a request to an HTTPS-enabled server, it enters a complex predicament. On the one hand, affirming the server’s SSL certificate is crucial to ensure it is valid and dependable. But, to achieve that, it must traverse a maze of intricate challenges that include verifying the certificate’s chain of trust. This verification process, in turn, demands validation that the certificate’s issuer – the Certificate Authority (CA) – is also authentic and trustworthy.
But if the issuer’s certificate is absent from the trust store, Node.js will fail to affirm the certificate chain. This will give rise to the “unable_to_get_issuer_cert_locally” error.
In short, this error occurs because – Node.js cannot confirm the trustworthiness of the certificate chain without first validating the issuer’s certificate, which it cannot do without the issuer’s certificate being present in the local system’s trust store.
To fix this error, you can try one or more of the following methods:
This method is a momentary resolution that you can opt for when you are incapable of acquiring the registry’s SSL cert or if you are encountering problems despite inserting or adding the cert to the trusted list. To accomplish this, use the command given below:
npm config set strict-ssl false
As stated above, it’s a temporary solution; you should again initiate the rigid SSL verification as soon as the SSL certificate issue is dealt with; otherwise, you can be a victim of a Monkey-in-the-middle attack.
Note: Instead of the term “false,” use “true” in the above command to start rigid verification.
The default public NPM registry version is set to HTTPS. To change it to HTTP, follow the given below steps:
npm config set registry http://registry.npmjs.org/
Note: The NPM registry is the primary spot where NPM searches for packages whenever the “npm install” cmd is executed.
If you intend to add or insert a root certificate that is not part of your system’s default catalog of trusted certificates, you can use the command given below:
If you are using a MacOS or Linux system, use the command given below:
If you are using a Windows system, use the command given below:
To modify the CA file, execute the “set cafile” cmd as given below:
npm config set cafile /path/to/root/certificate.pem
The settings of the CAfile will take precedence over the standard CA lookups that NPM utilizes. Attempting to access any public node packet manager registries that your Certificate Authority does not authenticate through HTTPS will result in errors.
This method instructs Node.js to skip the SSL certificate verification process. Disabling certificate validation may enable a cyber actor to intercept and exploit the data shared between the client and server, which may lead to various security violations. However, in some circumstances, such as during the testing phase of a non-production environment, where the threats of data interception and exploitation are nominal, this method can be regarded as a momentary answer.
To disable certificate verification altogether, use the command given below:
Note: We discourage using this method, as it causes “n” number of security risks and compromises the data. To restart the certification verification, replace “0” with “1” in the above command.
The “unable_to_get_issuer_cert_locally” error can also occur if you are in the environment of firewall protection that utilizes a proxy to examine the traffic or data packets by exchanging the SSL certificate with its own cert. In such cases, you must reach the corporate network administrator to get the .pem extension file, or you can try to download it by browsing any website where the cert is exchanged. Once you have the certificate file, you can add or insert the cert in the catalog of trusted certificates.
The “unable_to_get_issuer_cert_locally” error in Node.js occurs when the SSL certificate cannot be verified or confirmed due to the absence or lack of the issuer’s certificate in the local trust store. The article provides various methods to fix the error, including temporarily stopping rigid SSL verification, changing the default public registry version to HTTP, expanding Node.js’ trust store, modifying the settings of the CAfile, and disabling certificate verification altogether.
However, disabling certificate validation altogether is not recommended, as it can cause security risks and compromise data. Additionally, if the error occurs behind proxies, the user must reach the corporate network administrator to get the certificate file or try to download it by connecting to any site where the certificate is exchanged.
Read more about how to fix the “pr_connect_reset_error” in Firefox?