npm 添加根 CA [英] npm add root CA

问题描述

我正在寻找一种将自定义 CA 添加到 NPM 的方法，以便我可以使用所述证书(内部 git 服务器)从某个位置下载，而无需使用所有 CA 检查

I am looking for a way to add a custom CA to NPM so I can download from a location using said certificate (an internal git-server) without having to nuke all CA-checking with

npm config set strict-ssl false

有没有办法做到这一点?(如果没有:是否已经存在缺陷?)

Is there any way of achieving this or not? (if not: is there already a defect?)

推荐答案

你可以将 npm 指向 cafile

You can point npm to a cafile

npm config set cafile /path/to/cert.pem

您还可以配置 ca 字符串(s) 直接.

You can also configure ca string(s) directly.

npm config set ca "cert string"

ca 可以是一组证书字符串也是.在你的 .npmrc 中:

ca[]="cert 1 base64 string"
ca[]="cert 2 base64 string"

上面的 npm config 命令会将相关的配置项持久化到您的 ~/.npmrc 文件中:

The npm config commands above will persist the relevant config items to your ~/.npmrc file:

cafile=/path/to/cert.pem

注意:这些 CA 设置将覆盖默认的真实世界"npm 使用的证书颁发机构查找.如果您尝试通过 https 使用任何未由您的 CA 证书签名的公共 npm 注册表，您将收到错误消息.

Note: these CA settings will override the default "real world" certificate authority lookups that npm uses. If you try and use any public npm registries via https that aren't signed by your CA certificate, you will get errors.

如果您需要同时支持公共 https npm 注册表以及您自己的注册表，则可以使用 curl 的基于 Mozilla 的 CA 包 并将您的 CA 证书附加到 cacert.pem 文件:

If you need to support both public https npm registries as well as your own, you could use curl's Mozilla based CA bundle and append your CA cert to the cacert.pem file:

curl https://curl.haxx.se/ca/cacert.pem > ~/.npm.certs.pem
cat my-ca-cert.pem >> ~/.npm.certs.pem
npm config set cafile ~/.npm.certs.pem

不幸的是，npm 的 CA 包不可编辑，因为它在 源代码中提供(感谢 tomekwi)但是 nitzel 提供了一个通用的 Node.js 方法来通过 NODE_EXTRA_CA_CERTS 环境变量附加证书.

Unfortunately npm's CA bundle is not editable as it's provided in the source code (thanks tomekwi) but nitzel has provided a generic Node.js method to append a certificate via the NODE_EXTRA_CA_CERTS environment variable.

RHEL 注意:如果您碰巧使用基于 RHEL 的发行版和 RHEL 打包的 nodejs/npm，您可以使用标准的 update-ca-trust 方法，因为 RedHat 将它们的包指向系统 CA.

RHEL Note: If you happen to be using a RHEL based distro and the RHEL packaged nodejs/npm you can use the standard update-ca-trust method as RedHat points their packages at the system CA's.

这篇关于npm 添加根 CA的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！