Unable to get local issuer certificate


#1

I am unable to search for any packages while I am at work. The error I am receiving is “unable to get local issuer certificate”. I am behind multiple firewalls and a webfilter. It is common for me to run in to issues with the webfilter due to the use of a Internally (via internal CA) signed cert on the webfilter. Typically all I have to do it configure the application to ignore SSL cert errors but I am not having much luck figuring it out in Atom. I should also mention that I am a new Atom user so please forgive me if I ask any “obvious” questions.


#2

I just figured it out so I am going to post here what I did in case any new users come across it:

You need to add strict-ssl=false to C:\Users\UserName\.atom\.apmrc (or /home/UserName/.atom/.apmrc for most Linux). If this EXACT filename does not exist then create it! Don’t confuse this with OS_Dependant_Path/.atom/.apm/.apmrc as this is the base system-level config file and is over-written everytime you relaunch Atom.


#3

This is also covered in the installation section of the Atom Flight Manual:

http://flight-manual.atom.io/getting-started/sections/installing-atom/#proxy-and-firewall-settings


#4

Thank you very much, @leedohm, it was really helpful!


#5

Thankyou @gruberaaron.


#6

Folks,

I added strict-ssl=false to the .apmrc file as mentioned above, it started showing the featured packages and I was able to install the teletype package but still can not search for other packages. It shows the same error “unable to get local issuer certificate”. Any idea how to get around this problem?


#7

Same issue here. Have you found anything?


#8

@wandonye I ended up downloading the packages in my home machine and then copied them to my work machine.


#9

Because of a poor software architecture decision early in the NPM project, there is an env var that that will reject self-signed certificates, even if you have strict-ssl set to none. The solution is to set NODE_TLS_REJECT_UNAUTHORIZED=0 in your init.coffee (you can test it by running NODE_TLS_REJECT_UNAUTHORIZED=0 atom . and then trying to install a package.

# $EDITOR $ATOM_HOME/init.coffee
# Disable TLS Verification.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0

#10

It’s important to point out that this disables HTTPS completely; It’s like turning off security. But I’m completely unable to install anything unless I do. APM/Atom doesn’t seem to read the cafile config.


#11

^^ This solution right above worked like a charm in order to get the packages in case someone is still having the same issue, after that in order to install them I disabled the strict SSL on windows by running:

apm config set strict-ssl false
Thanks a lot!!


#12

I put

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0

into the init.coffee file but the now I get this error

tunneling socket could not be established, cause=read ECONNRESET

Any help would be much appreciated!


#13

I was facing a similar problem while trying to install atom-runner from Atom GUI editer.

The workaround is to open a command prompt and run the install command from the command prompt.

``> apm search atom-runner`

`


#14

Try this fix

Open Command Prompt or Power Shell
Execute the following command apm config set strict-ssl false
Then execute the command to install desired package, example apm install split-diff

http://zacktutorials.blogspot.com/2018/10/when-installing-atom-packages-some.html