doc: NODE_EXTRA_CA_CERTS Override #3502

Closed
nomanmaqsood opened this issue Aug 13, 2021 · 6 comments

@nomanmaqsood

Hello

I need a little help to set a self-signed certificate in Node.js. I have been doing research on this for many days and found a working solution in one of the GitHub issues of Node.js.

This is how I am setting global options

    const CA_STORE = await getCertificate()
    https.globalAgent.options.ca = [];

    https.globalAgent.options.ca.push(CA_STORE)

The solution really sets the self-signed certificate in the Node.js process, but the problem is that it overrides the default trusted certificates of Node.js, and my other Axios calls that are using public certificates stop working.

I cannot use NODE_EXTRA_CA_CERTS because I cannot set its value at runtime (I am reading the certificate from S3).

@mscdex mscdex transferred this issue from nodejs/node Aug 14, 2021
@mhdawson
Member

@danbev I know you've looked at the code around NODE_EXTRA_CA_CERTS. Any thoughts/suggestions come to mind?

@danbev

danbev commented Aug 31, 2021

Sorry about the late reply, I'll try to take a closer look at this later today.

@danbev

danbev commented Aug 31, 2021

One way might be to copy the rootCertificates and then add your certificate to that array. Something like the following might work:

    const https = require('https');
    const fs = require('fs');
    const tls = require('tls');

    const cert = fs.readFileSync('cert.pem');

    console.log(tls.rootCertificates.length);
    // Copy the bundled roots so the default CAs stay trusted.
    const cas = Object.assign([], tls.rootCertificates);
    // The agent reads its TLS settings from `options`, so set `options.ca`.
    https.globalAgent.options.ca = cas;
    https.globalAgent.options.ca.push(cert);

    console.log(cas.length);

Would something like that work in your use case?

@jmeachum

I don't know if this applies or is helpful but I ran into a similar error when installing a node package via npm. Npm would use the NODE_EXTRA_CA_CERTS path and get past the ssl errors for the download but would fail on the install, node install.js. I used a combination of setting an env variable SSL_CERT_FILE with full path to the pem file and adding --use-openssl-ca, e.g. node --use-openssl-ca install.js.


github-actions bot commented May 9, 2024

It seems there has been no activity on this issue for a while, and it is being closed in 30 days. If you believe this issue should remain open, please leave a comment.
If you need further assistance or have questions, you can also search for similar issues on Stack Overflow.
Make sure to look at the README file for the most updated links.

@github-actions github-actions bot added the stale label May 9, 2024

github-actions bot commented Jun 8, 2024

It seems there has been no activity on this issue for a while, and it is being closed. If you believe this issue should remain open, please leave a comment.
If you need further assistance or have questions, you can also search for similar issues on Stack Overflow.
Make sure to look at the README file for the most updated links.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 8, 2024