electron: Cannot install behind corporate firewall

Windows 7:

C:\electron\project\node_modules\electron\install.js:47
  throw err
  ^

Error: unable to get local issuer certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1088:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:188:7)
    at TLSSocket._finishInit (_tls_wrap.js:610:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 9
  • Comments: 31 (4 by maintainers)

Most upvoted comments

export NODE_TLS_REJECT_UNAUTHORIZED=0 Worked for me

+13
dmadan86 on Aug 19, 2020

Have you tried with npm config set strict-ssl false? Im also using a corporate proxy and that worked for me.

+13
pabloleban on Jun 8, 2019

We recommend you utilize external tools available to you to properly configure your proxy, or do something like npm config set strict-ssl false. At present, this isn’t something for which the optimal solution presents itself as a change to Electron itself.

+6
codebytere on Jun 6, 2019

@codebytere - thank you, we have moved away from trying Electron and went with nwjs. It is just not possible to use Electron in our environment.

To specifically address your suggestions: 1) I can’t change the proxy configuration. It is configured correctly as required by corporate policy. 2) npm works just fine because I have the strict-ssl setting. The issue is the Electron post install script and it cannot be addressed by npm.

+4
egauci on Jun 6, 2019

Why closed? this issue hasn’t been resolved. I am still getting same issue.

+3
princ09 on Oct 11, 2021

Also for me it’s not fixed. trying to download electron 9.0.2 specified an cafile and set the strict-ssl option to false. always getting the electron post install error

> node install.js RequestError: unable to get local issuer certificate at ClientRequest. (C:\Users\userName\Downloads\projectName\packager-test\node_modules\got\source\request-as-event-emitter.js:178:14) at Object.onceWrapper (events.js:422:26) at ClientRequest.emit (events.js:327:22) at ClientRequest.origin.emit (C:\Users\userName\Downloads\projectName\packager-test\node_modules\@szmarczak\http-timer\source\index.js:37:11) at TLSSocket.socketErrorListener (_http_client.js:432:9) at TLSSocket.emit (events.js:315:20) at emitErrorNT (internal/streams/destroy.js:84:8) at processTicksAndRejections (internal/process/task_queues.js:84:21)

EDIT: SOLVED by: set NODE_EXTRA_CA_CERTS=/path/to/issuer/.crt

specify the node_extra_ca_certs for nodejs before downloading electron solved the problem.

+3
Devilsmaul on Jun 8, 2020

Similar issue here. We have an npm cache using aritfactory - that is: We usually do not use the official npm registry but our local one. We have to do this because our corporate proxy needs authentication.

Of course this won’t work as long as the post-install script tries to download something itself.

Hard coding the proxy credentials in the configuration file for my local PC is bad. Doing this in our CI system is impossible. I currently see two options:

  1. Package everything into npm packages, don’t do any download in the post-install script
  2. Somehow use the system proxy setting (don’t know if this is possible from within the post-install script)
  3. Probably it’d be somehow possible to let electron-download (assuming that this is used to install electron) take the electron package from some local file share?

PS.: We’re currently working on Windows7

+3
schwaerz on Nov 15, 2017

EDIT: Simply setting $env:NODE_TLS_REJECT_UNAUTHORIZED=0 before the electron install ended up working. Then even after setting it back to 1, everything works as normal. But I will leave my original workaround below in case it still helps someone.

For anyone who is still struggling with this issue, I found a workaround on Windows:

  • run npm install electron on a computer which is not behind the problematic proxy/firewall.
  • copy the ‘electron’ folder from node_modules and transfer it to the computer with your electron project. store it somewhere safe and easy to get to as you may need it more than once. (this may raise eyebrows with your IT department, but the fact that VSCode, Microsoft Teams, and Slack are all built on electron should put them at ease - mine trusts me.)
  • in your electron project, run $env:ELECTRON_SKIP_BINARY_DOWNLOAD=1; npm install. This will install everything except it won’t try to download the electron binary. at this point your project will crash when electron tries to start.
  • drag your stashed electron folder into the node_modules folder and overwrite the incomplete one in there. Then your project works.

The problem now is, each time I run npm install or npm add even just for a single new package, it re-runs the electron postinstall . So I have to set $env:ELECTRON_SKIP_BINARY_DOWNLOAD=1 but then npm install will still overwrite my electron installation with an incomplete one and I have to replace the electron folder again.

So now I’m looking for a workaround for that. I may have to split my web app into its own project and have electron in a separate project that just imports everything and bootstraps the web app in an electron window…

+2
DFG-kjtroll on Feb 3, 2022

Can you try

ELECTRON_GET_USE_PROXY=1

GLOBAL_AGENT_HTTPS_PROXY=http://localhost:8888
GLOBAL_AGENT_HTTP_PROXY=http://localhost:8888

http-proxy=http://localhost:8888
proxy=http://localhost:8888
HTTP_PROXY=http://localhost:8888
HTTPS_PROXY=http://localhost:8888
NODE_TLS_REJECT_UNAUTHORIZED=0

Not all of them might be required.

ref https://www.electronjs.org/docs/tutorial/installation#proxies

(replace http://localhost:8888 with your own proxy)

+2
0x53A on Mar 29, 2021

export NODE_TLS_REJECT_UNAUTHORIZED=0 Worked for me

Works.

+1
chakany on Mar 16, 2021
Read more comments on GitHub
← electron: Cannot change the `enabled` state of a menu item on Linux
electron: Cannot load content on Windows when sandbox is enabled →