WSL Node/npm Setup Behind SSL Interception

wsl nodejs npm ssl development


Goal

  • Use Node.js via nvm inside WSL
  • Allow npm install to succeed behind a corporate SSL-inspecting firewall using self-signed root/intermediate CAs

Install Node 20+ with nvm

# Install nvm (if not present)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash
source ~/.nvm/nvm.sh
 
# Install and use Node 20+
nvm install 20
nvm use 20
nvm alias default 20
 
# Verify
node -v
npm -v

Ensures you’re using a user-owned Node install (under ~/.nvm/versions/...).


Remove Conflicting npm Prefix Settings

# Remove old npm prefix/globalconfig overrides
sed -i '/^prefix=/d;/^globalconfig=/d' ~/.npmrc 2>/dev/null || true
npm config delete prefix || true
npm config delete globalconfig || true
 
# Confirm nvm paths are correct
npm prefix -g    # ~/.nvm/versions/node/v20.x.x
npm root -g      # ~/.nvm/versions/node/v20.x.x/lib/node_modules

Prevents permission errors (EACCES) from using /usr/local/lib.


Import Corporate CA Certificates

# Place certs in ~/.certs (PEM/CRT format)
mkdir -p ~/.certs
# Copy your corporate root and intermediate CA .crt files here
 
# Install into system trust store
sudo mkdir -p /usr/local/share/ca-certificates/extra
sudo cp ~/.certs/*.crt /usr/local/share/ca-certificates/extra
sudo update-ca-certificates

Expect output: N added, 0 removed (where N = number of certs).


Bundle CAs for Node/npm

# Create a single bundle
cat /usr/local/share/ca-certificates/extra/*.crt > ~/.certs/corp-bundle.crt
 
# Node (nvm-safe)
echo 'export NODE_EXTRA_CA_CERTS="$HOME/.certs/corp-bundle.crt"' >> ~/.bashrc
 
# npm
npm config set cafile "$HOME/.certs/corp-bundle.crt"
npm config set strict-ssl true
 
# Reload shell to apply
exec bash -l

Makes Node.js and npm trust your corporate CA without disabling SSL verification.


Verify and Install

# Should NOT show cert errors
curl -sI https://api.github.com | head -n1
 
# Confirm config
echo $NODE_EXTRA_CA_CERTS
npm config get cafile
 
# Test install
npm install -g <some-package>

Git Configuration (Optional)

git config --global http.sslCAInfo "$HOME/.certs/corp-bundle.crt"

Quick Troubleshooting Table

ProblemLikely Fix
SELF_SIGNED_CERT_IN_CHAINMissing root/intermediate in trust store
0 added, 0 removed on update-ca-certificatesRename .pem.crt and ensure CA:TRUE
EACCES on npm global installRemove prefix from ~/.npmrc; use nvm
command not found for node/npmAdd nvm init to ~/.bashrc