SSL verification for VSCode Extensions

Follow

Overview

When installing VScode extensions, an SSL error may occur similar to this:

Failed to install extension. ms-python.python
Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:tlswrap:1532:34)
at TLSSocket.emit (node:events:527:28)
at TLSSocket.finishInit (node:tls_wr","seqId":2}]

 

This error could occur in a corporate environment where outbound SSL inspection/decryption is enabled by IT. 

 

Resolution

Assuming the SSL certificate injected by that inspection process (proxy) is already added to the trusted system CA store. You can instruct the use of that CA store through an environment variable.

To do so, pass in an environment variable NODE_EXTRA_CA_CERTS with<path-to-root-ca-store>:

/etc/rstudio/launcher-env

JobType: Session
Workbench: vs code
Environment: NODE_EXTRA_CA_CERTS=<path-to-root-ca-store>

`<path-to-root-ca-store>` is different based on your Linux distribution.

 

RHEL locates the system CA bundle at this path: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Ubuntu locates the system CA bundle at this path: /etc/ssl/certs/ca-certificates.crt

 

Then, restart the rstudio-launcher and rstudio-server service.

Comments