The "self signed certificate" error occurs when npm encounters an SSL certificate that was not issued by a trusted Certificate Authority. This commonly happens with corporate proxies, private registries, or misconfigured networks.
This error indicates that somewhere in the SSL certificate chain, npm encountered a self-signed certificate - one that was signed by itself rather than a trusted Certificate Authority. SSL/TLS security relies on a chain of trust from the server's certificate back to a trusted root CA. Self-signed certificates break this chain because there's no third-party verification. While self-signed certificates can be legitimate (corporate CAs, development environments), npm rejects them by default to protect against man-in-the-middle attacks.
Find out where the self-signed cert comes from:
openssl s_client -connect registry.npmjs.org:443 -showcerts 2>/dev/null | openssl x509 -noout -issuer -subjectCompare the issuer - if it's your company, you need their CA certificate.
Get the certificate from your browser:
1. Visit https://registry.npmjs.org
2. Click padlock > Certificate
3. Go to Certification Path tab
4. Select the root certificate
5. Export to PEM format
Or via command line:
openssl s_client -connect registry.npmjs.org:443 </dev/null 2>/dev/null | openssl x509 > cert.pemConfigure npm to trust the certificate:
npm config set cafile /path/to/cert.pemOr via environment variable:
export NODE_EXTRA_CA_CERTS=/path/to/cert.pemFor permanent solution, add to system CA store:
# Ubuntu/Debian
sudo cp cert.pem /usr/local/share/ca-certificates/custom-ca.crt
sudo update-ca-certificates
# CentOS/RHEL
sudo cp cert.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
# macOS
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain cert.pemIf using a private registry with self-signed cert:
# Set the registry
npm config set registry https://private-registry.company.com
# Set its CA certificate
npm config set cafile /path/to/private-registry-ca.pem⚠️ Only for testing/development:
npm config set strict-ssl falseNever use this in production or CI/CD - it disables all certificate verification.
In enterprise environments, work with your IT/security team to get the corporate CA certificate properly installed on all developer machines. For CI/CD, include the CA certificate in your pipeline configuration or Docker images. If you control the private registry, consider getting a certificate from a public CA like Let's Encrypt instead of using self-signed certificates.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm