Question

我们有一个企业强制要求的SSL MITM，我试图让npm很好地使用它。没有配置，npm install生成

$ npm install --verbose
...
npm verb request uri https://registry.npmjs.org/request
npm verb request no auth needed
npm info attempt registry request try #1 at 12:21:46
npm verb etag "BHYPP2OQ6VBKY2B3TPXTCBVRQ"
npm http request GET https://registry.npmjs.org/request
npm info retry will retry, error on last attempt: Error: SELF_SIGNED_CERT_IN_CHAIN
npm info retry will retry, error on last attempt: Error: SELF_SIGNED_CERT_IN_CHAIN
npm info retry will retry, error on last attempt: Error: SELF_SIGNED_CERT_IN_CHAIN
...

当我放置custom SSL pem in ~/.npmrc

时

ca="-----BEGIN CERTIFICATE-----\n..."

我得到以下

$ npm install --verbose
...
npm http request GET https://registry.npmjs.org/time-grunt
npm verb request uri https://registry.npmjs.org/request
npm verb request no auth needed
npm info attempt registry request try #1 at 12:27:17
npm verb etag "BHYPP2OQ6VBKY2B3TPXTCBVRQ"
npm http request GET https://registry.npmjs.org/request
npm info retry will retry, error on last attempt: Error: Hostname/IP doesn't match certificate's altnames
npm info retry will retry, error on last attempt: Error: Hostname/IP doesn't match certificate's altnames
...

如果我理解正确的话，npm使用那个SSL证书作为唯一的根CA，这将是有意义的，为什么它不起作用。对于每个CA而言~/.npmrc行ca[]="-----BEGIN CERTIFICATE-----\n..."并没有膨胀，是否有一个certs.pem文件可以将我们的内部追加到？

我正在寻找类似于我使自制软件安装的应用程序正常工作的方式

cat internal-cert.pem >> /usr/local/etc/openssl/cert.pem

我希望npm / node有类似的东西。

Answer 1

尝试设置strict-ssl标志。我以前遇到过类似的问题。

npm config set strict-ssl false

我实际上从我的〜/ .npmrc中取出了证书，但是如果它影响到任何东西就不确定你是否留下它。

npm CA证书的位置

1 个答案: