WSL Node/npm Setup Behind SSL Interception
wsl nodejs npm ssl development
Goal
- Use Node.js via nvm inside WSL
- Allow
npm installto succeed behind a corporate SSL-inspecting firewall using self-signed root/intermediate CAs
Install Node 20+ with nvm
# Install nvm (if not present)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash
source ~/.nvm/nvm.sh
# Install and use Node 20+
nvm install 20
nvm use 20
nvm alias default 20
# Verify
node -v
npm -vEnsures you’re using a user-owned Node install (under ~/.nvm/versions/...).
Remove Conflicting npm Prefix Settings
# Remove old npm prefix/globalconfig overrides
sed -i '/^prefix=/d;/^globalconfig=/d' ~/.npmrc 2>/dev/null || true
npm config delete prefix || true
npm config delete globalconfig || true
# Confirm nvm paths are correct
npm prefix -g # ~/.nvm/versions/node/v20.x.x
npm root -g # ~/.nvm/versions/node/v20.x.x/lib/node_modulesPrevents permission errors (EACCES) from using /usr/local/lib.
Import Corporate CA Certificates
# Place certs in ~/.certs (PEM/CRT format)
mkdir -p ~/.certs
# Copy your corporate root and intermediate CA .crt files here
# Install into system trust store
sudo mkdir -p /usr/local/share/ca-certificates/extra
sudo cp ~/.certs/*.crt /usr/local/share/ca-certificates/extra
sudo update-ca-certificatesExpect output: N added, 0 removed (where N = number of certs).
Bundle CAs for Node/npm
# Create a single bundle
cat /usr/local/share/ca-certificates/extra/*.crt > ~/.certs/corp-bundle.crt
# Node (nvm-safe)
echo 'export NODE_EXTRA_CA_CERTS="$HOME/.certs/corp-bundle.crt"' >> ~/.bashrc
# npm
npm config set cafile "$HOME/.certs/corp-bundle.crt"
npm config set strict-ssl true
# Reload shell to apply
exec bash -lMakes Node.js and npm trust your corporate CA without disabling SSL verification.
Verify and Install
# Should NOT show cert errors
curl -sI https://api.github.com | head -n1
# Confirm config
echo $NODE_EXTRA_CA_CERTS
npm config get cafile
# Test install
npm install -g <some-package>Git Configuration (Optional)
git config --global http.sslCAInfo "$HOME/.certs/corp-bundle.crt"Quick Troubleshooting Table
| Problem | Likely Fix |
|---|---|
SELF_SIGNED_CERT_IN_CHAIN | Missing root/intermediate in trust store |
0 added, 0 removed on update-ca-certificates | Rename .pem → .crt and ensure CA:TRUE |
EACCES on npm global install | Remove prefix from ~/.npmrc; use nvm |
command not found for node/npm | Add nvm init to ~/.bashrc |