Getting SSL certificate error when installing React app with npm

Issue with npm SSL Certificate

I’m having trouble setting up a new React project at my workplace. The same command works perfectly fine on my home computer, but fails in the corporate environment.

When I execute npm create react-app new-project, everything runs smoothly on my personal machine. However, at work I keep getting this SSL certificate error:

npm ERR! node v6.10.2
npm ERR! npm  v3.10.10
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY

npm ERR! unable to get local issuer certificate
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     npm issues page

I’ve been exploring different approaches to build React applications and this Facebook tool seemed like the most straightforward option. Has anyone encountered this certificate problem in a corporate network setup? What would be the best way to resolve this SSL issue?

The Problem:

You’re encountering an “unable to get local issuer certificate” error when trying to use npm create react-app within your corporate network. This error typically arises because your company’s network security measures (firewalls, proxy servers, or SSL inspection) intercept and modify HTTPS traffic, leading to certificate trust issues with npm. The command works fine on your personal machine because it doesn’t have these network restrictions.

Understanding the “Why” (The Root Cause):

Your corporate network likely performs SSL interception. This means your company’s security infrastructure intercepts all HTTPS traffic, decrypts it, inspects it for malicious content, and then re-encrypts it using its own certificates. npm, by default, trusts only publicly recognized certificate authorities. Because your company’s certificate isn’t one of these, npm rejects it, resulting in the SSL certificate error.

Step-by-Step Guide:

This guide outlines several approaches to resolving the issue. Start with the safest and least disruptive methods and proceed if necessary:

Step 1: Obtain and Install the Corporate Root Certificate (Recommended):

1. Contact your IT department. They should be able to provide you with your company’s root certificate, often as a .pem file.
2. Determine the correct location for your system’s certificate store. This location varies depending on your operating system:
   • Windows: Often within %APPDATA%\npm-cache\cacert.pem (or a similar directory). You might need administrator privileges to access and modify this.
   • macOS/Linux: The location depends on your specific distribution and configuration. Check npm’s documentation for details on configuring cafile.
3. If a dedicated cacert.pem file doesn’t exist in the npm cache directory, copy the root certificate into this folder. If the file does exist, you might need to append your company’s certificate to it. Consult your system’s documentation on certificate management for merging certificates correctly.
4. Configure npm to use this file by running: npm config set cafile /path/to/certificate.pem. Replace /path/to/certificate.pem with the actual path.
5. Retry your npm create react-app new-project command.

Step 2: Configure npm for your Corporate Proxy (Alternative):

1. Contact your IT department for the proxy server address and any necessary authentication credentials (username and password).
2. Set the proxy settings in npm using the following commands (replace values with those provided by your IT):

   npm config set proxy http://your.proxy.server:port
   npm config set https-proxy http://your.proxy.server:port
   # If your proxy requires authentication:
   npm config set proxy http://username:[email protected]:port
   npm config set https-proxy http://username:[email protected]:port
   

3. Retry the npm create react-app command.

Step 3: Temporary HTTP Registry (Least Recommended):

This method bypasses SSL validation but is not recommended for security reasons. Use this only as a last resort and switch back to the HTTPS registry afterward.

1. Switch to the HTTP registry: npm config set registry http://registry.npmjs.org/
2. Run npm create react-app new-project
3. Switch back to the HTTPS registry after creating the project: npm config set registry https://registry.npmjs.org/

Common Pitfalls & What to Check Next:

• Incorrect Certificate Path: Double-check that you’ve specified the correct path to your certificate.pem file.
• Permissions: Ensure you have the necessary permissions to modify the npm configuration and certificate store.
• Proxy Authentication: Verify you’ve correctly configured your proxy settings, including username and password if required.
• Firewall Rules: Ensure that your firewall allows outbound connections to the necessary npm registry URLs.
• Internal NPM Registry: Your company may use a private npm registry. Check with your IT team for its URL and any special configuration instructions.
• Consider npx: Try using npx create-react-app new-project as an alternative to npm. It sometimes handles corporate proxy settings differently.

Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!

Super common issue in corporate environments. Your company’s firewall is swapping external SSL certificates with internal ones that npm doesn’t trust. I ran into this exact problem at my last job. Fastest fix was grabbing the corporate root certificate from IT and adding it to npm’s cert store with npm config set cafile /path/to/certificate.pem. Keeps security intact while making npm work. You can also configure npm for your corporate proxy by setting the registry URL and proxy settings. Most IT departments have standard instructions for this since it breaks tons of dev tools, not just npm. I’d hit up your network team first - they’ve probably got a procedure that doesn’t involve killing security features.

Ugh, same thing happened to me last month! Try npx instead of npm - npx create-react-app new-project sometimes gets around the SSL issues. Also check if your company uses an internal npm registry instead of the public one.

Your workplace network is doing SSL inspection - intercepting all HTTPS traffic and re-encrypting it with their own certificates. I ran into this exact problem at my last job and found a quick fix: temporarily switch to the HTTP registry. Run npm config set registry http://registry.npmjs.org/ instead of the default HTTPS version. After creating your project, switch back with npm config set registry https://registry.npmjs.org/. Not pretty, but it skips SSL validation completely. Some devs also try yarn since it handles corporate proxies differently. Your company’s network security is causing this, so this workaround gets you going without bugging IT or messing with system certificates.

yeah, corporate networks can be tricky! i had the same ssl issue – setting npm config set strict-ssl false helped me too. just remember to switch it back once you’re done to keep things secure!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.