44

I'm trying to migrate from npm to Yarn. When I tried to install dependencies through yarn, I'm getting this error.

unable to verify the first certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1055:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:580:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:412:38)

Same works fine with npm. Tried setting proxy, didn't help.Is there any configuration I need to change?

Aurora0001
  • 12,155
  • 5
  • 48
  • 51
Manikandan
  • 2,805
  • 2
  • 18
  • 27
  • Could you provide more details like 1. When did you encounter this error? Was it at `yarn install`? 2. What is the complete stack trace? Which npm package threw this error? – nikjohn Oct 15 '16 at 09:55

4 Answers4

88

If the certificate is unable to be verfied, you can open set strict-ssl to false. You should be able to configure this by runnning

yarn config set "strict-ssl" false -g

But the command is currently not working, see issue 980.

As an alternative you can navigate to C:\Users\\ and open .yarnrc and manually update it as follows:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
strict-ssl false
cgatian
  • 20,484
  • 8
  • 52
  • 74
  • 1
    "If you don't have the certificate available" --- what does this statement even mean? – zerkms Nov 23 '16 at 21:07
  • 1
    Edited for clarification. – cgatian Nov 23 '16 at 21:44
  • 1
    `yarn config set "strict-ssl" false -g` worked fine for me. Thanks – Alsty Jul 14 '20 at 08:45
  • "Manually edit the file that says not to manually edit it" . Probably good to say why that is worth doing.... – Garrett Motzner Oct 19 '21 at 19:36
  • You should probably mention that turning off strict-ssl could potentially open you up to man in the middle attacks unless your behind a tusted proxy. At the very least I'd suggest removing the -g so you set that setting only for yourself rather then forcing it on other users who may not know their ssl isn't secure any more. – dsollen Dec 28 '21 at 14:42
35

This means that more than likely you're behind a corporate proxy that uses a self signed certificate. I'm using version v0.16.1, and you can fix this by providing the public certificate to the yarn configuration like so:

yarn config set cafile <path-to-certificate.pem>
trigoman
  • 3,465
  • 2
  • 21
  • 20
  • This ended up working great for me, my one hangup was that I was using Docker so I needed to make sure to add the apk ca-certificates and copy the certs to the docker directory using my dockerfile config first. The SO answer (second ranked) helped with this: https://stackoverflow.com/questions/26028971/docker-container-ssl-certificates. From there it was adding the command you specified. – Khoward Sep 07 '21 at 13:44
0

For Yarn 2 and 3 you can add the following to your .yarnrc.yml file

enableStrictSsl: false

More Info in the Docs

Chris Stillwell
  • 9,821
  • 9
  • 70
  • 73
-2

I had this error when trying to install the React Devtools Extensions behind a corporate proxy with correct certificates setup locally. The yarn.lock file contains many references to https://registry.yarnkpg.com which was bypassing our corporate Nexus.

I was able to install by running:

yarn install --no-lockfile
mummybot
  • 2,362
  • 2
  • 25
  • 29