Trusting custom certificate authorities in Node

Many times in development you need to create a custom certificate in order to test locally. We have created a custom certificate authority (CA) that issues these certificates.

In our host operating system it's pretty straightforward to trust a custom CA by double-clicking the certificate and following the GUI. But for Node applications it's not quite the same.

If your certificate authority is not trusted then you'll get an error something like this when trying to access your server from Node.

Error: unable to verify the first certificate

UNABLE_TO_VERIFY_LEAF_SIGNATURE

In my case I was trying to access a local WordPress REST API instance over https with a certificate signed by my custom CA.

NODE_EXTRA_CA_CERTS to trust

Node will look to an environment variable called NODE_EXTRA_CA_CERTS for other certificates it might need. We can add our CA to this to avoid the above errors.

• Open your shell rc file (.zshrc/.bashrc) - code ~/.zshrc
• Add the environment variable:
  export NODE_EXTRA_CA_CERTS=/Users/pathtocert/custom-ca.crt
• Save and close
• Restart your terminal or reload .zshrc
source ~/.zshrc
• Verify:
  echo $NODE_EXTRA_CA_CERTS

Now you’ll be able to access the server from Node without errors.