Error Installing node-red-contrib-mssql 0.0.7

Craig_Robertson · March 7, 2024, 2:55pm

I am getting this error when trying to install.

I have used this node in previous projects…but the PR1 firmware was older.

PR1 firmware in the controller is 3.5.1-b.85.

2024-03-07T14:40:02.501Z Install : node-red-contrib-mssql 0.0.7

2024-03-07T14:40:02.541Z npm install --no-audit --no-update-notifier --no-fund --save --save-prefix=~ --production --engine-strict node-red-contrib-mssql@0.0.7
2024-03-07T14:40:11.861Z [err] npm
2024-03-07T14:40:11.863Z [err] ERR! code SELF_SIGNED_CERT_IN_CHAIN
2024-03-07T14:40:11.864Z [err] npm ERR! errno SELF_SIGNED_CERT_IN_CHAIN
2024-03-07T14:40:12.009Z [err] npm
2024-03-07T14:40:12.010Z [err] ERR! request to https://registry.npmjs.org/node-red-contrib-mssql failed, reason: self signed certificate in certificate chain
2024-03-07T14:40:12.040Z [err]
2024-03-07T14:40:12.041Z [err] npm ERR!
2024-03-07T14:40:12.042Z [err] A complete log of this run can be found in:
2024-03-07T14:40:12.042Z [err] npm ERR! /home/dev/.npm/_logs/2024-03-07T14_40_12_019Z-debug.log
2024-03-07T14:40:12.082Z rc=1

Beno · March 7, 2024, 6:09pm

Both @torchard and I have never come across this one.
Did some reading and seems that its linked to the EPIC (or, more accurately - since it has nothing to do specifically with EPIC - the device running nodeJS) certificate store or if you are using VPN or web proxy.

I think this explains why we have not seen it in house (yet). We don’t run either VPN much and for sure don’t have a web proxy.

Do you have an IT department that might be able to help work out why their certificate is over riding the EPIC certificate store?

There are some possible shell work arounds, but I am not sure you have shell installed on this EPIC?

Craig_Robertson · March 7, 2024, 8:39pm

Thanks for the reply.

We are not running the PR1 on a VPN.

I reproduced the error on another PR1 running an older firmware on the same network.

I have contacted our IT group for help.

Also, working with Norm in Support ref 125666.

I will post anything we find.

Craig_Robertson · March 8, 2024, 3:55pm

Fixed: The issue was in our company’s network firewall.

Here is IT’s explanation.

The controller is missing a certificate from the firewall that allows it to perform virus scanning on the encrypted traffic. When a device goes out to the internet the traffic is usually encrypted from the device (controller in this instance) to the internet server and all the firewall can see is encrypted traffic. The firewall we use has decryption capabilities so the connection from the device to the firewall is encrypted using our certificate, then is scanned for viruses/malware, and then the connection from the firewall to the internet server is encrypted. This only works if the encryption key from the firewall is installed on the device. We use Active Directory to push the cert to computers but it needs to be manually installed on any device not in active directory.

Thank you everyone for your assistance.

Beno · March 8, 2024, 4:24pm

Thanks so much for getting back to us with that solid explanation.
I suspect we are going to see more firewalls that do deep packet inspection etc.

This is really good information and thanks again for closing the loop. It helps makes these forums so much more powerful.

philip · March 8, 2024, 4:25pm

In other words: Don’t do any banking at work (or anything else you don’t want your employer to see.) This is basically a corporate man-in-the-middle attack.