Certificates are rejected by Node

[dpraul]

Node uses its own list of accepted CAs, not the system store, thus certificates generated by mkcert are rejected by Node requests.

That said, as of Node v7.3.0, Node implements a NODE_EXTRA_CA_CERTS environment variable that can be used to specify extra rootCAs to trust. So it sounds like this could be remedied by setting this environment variable to the rootCA path during -install.

[adamdecaf]

That's what I have done in the past. How were you suggesting mkcert set environment variables? That seems out of scope for mkcert and better done by all the local dev / deployment tools.

[dpraul]

I figured since the Java trust store was supported it would fall in-scope, but totally understood if that's not the case (if so, maybe a note can be added to the README just so others don't experience the issue).

And in regards to how, I assumed that a global environment variable could be set since mkcert already makes changes that require elevated permissions. Maybe a guard would be added wherein the env var would not be overwritten if it already exists.

[FiloSottile]

Setting global env vars permanently is not easy to do universally and probably unexpected. What we can do though is document how to use mkcert -CAROOT to set NODE_EXTRA_CA_CERTS in the README.

[rfay]

Here's a solution for node, at least it worked for me:

export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"

[waldyrious]

@rfay that is exactly what @FiloSottile added to the README (as seen here) in the PR that fixed this issue.