Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`npx prisma` results in self-signed cert error, though npm config cafile is properly set

See original GitHub issue

Bug description

When I run npx prisma migrate, I get the following error:

Error: request to https://binaries.prisma.sh/all_commits/73e60b76d394f8d37d8ebd1f8918c79029f0db86/windows/prisma-fmt.exe.gz.sha256 failed, reason: self signed certificate in certificate chain

Because my corporate proxy re-signs TLS traffic. I have npm configured to accept a cafile that describes the self-signed cert, which allows npm install to proceed w/o issue. However, the npx prisma migrate fails … presumably because prisma itself is trying to make an https request and is unaware of the npm cafile setting?

I believe we need a way make prisma aware of the cafile.

How to reproduce

Open a terminal on a computer that is on a network behind a proxy that re-signs TLS traffic
Execute the command “npx prisma migrate”

That should result in the error I’m seeing.

Expected behavior

I expect npx prisma migrate to run w/o error. 😃

Prisma information

N/A

Environment & setup

OS: Windows 10
Database: PostgreSQL
Node.js version: v14.18.1

Prisma Version

Ironically, npx prisma -v results in the same error. However, inspecting my node_modules, I see that it is:

3.9.2

Issue Analytics

State:
Created 2 years ago
Reactions:2
Comments:16 (7 by maintainers)

Top GitHub Comments

4reactions

eric79commented, Mar 11, 2022

Actually, one of my teammates pointed out that if I set the environment variable NODE_EXTRA_CA_CERTS to the path to my .pem file, then npx prisma migrate works as intended.

2reactions

mm-gmbdcommented, Mar 7, 2022

Having this same issue. Came across this other ticket where someone was having an issue with a self-signed cert in the chain.

From @janpio’s comment on that thread, it appears that the engines can be downloaded manually and then paths to those engines can be set via env vars (some documentation is here about it as well).

But unfortunately, after downloading the 4x engines and 1x library, I’m still hitting a snag, but I think it has to do with me not using Docker correctly (that’s where our prisma scripts are actually run).

Here are the engines/libraries that I’ve downloaded specifically, if that helps:

I’ll update once I get my Docker stuff figured out to say whether or not downloading/using these binaries as suggested worked or not.

Top Results From Across the Web

SSL Error: SELF_SIGNED_CERT_IN_CHAIN' while using ...

My issue was caused by a proxy that I'm behind, "npm config set ca null" and 'npm config set ca ""' still gave...

npm config cafile - You.com | The search engine you control.

prisma/prisma`npx prisma` results in self-signed cert error, though npm config cafile is properly set#12162. Created 8 months ago.

Understanding Self-Signed Certificate in Chain Issues on ...

On Node Package Manager you have two options: bypass or set a certificate file. Bypassing (risky!) npm config set strict-ssl false --global.

npm install errors - Google Groups

The SELF_SIGNED_CERT_IN_CHAIN error (as the name implies) is indicating that you have a self-signed SSL certificate somewhere in your computer's certificate ...

how to install express in console Code Example

npm init -y npm i express. ... bash get length of rows · WSL2 trying to launch VSCode with code . results in...