How do I get Visual Studio Code to trust our self-signed proxy certificate?

openssl visual-studio-code

Our corporate firewall/proxy is keeping VS Code from being able to install extensions because Code doesn't trust something in the chain. It doesn't reliably give an error, but when it does, it's this: "self signed certificate in certificate chain".

This seems like it's an OpenSSL error, but I don't have enough familiarity with OpenSSL to know how to trust the certificate?


This is a terrible answer (not very secure), but appears to be the current Microsoft official answer. Use "http.proxyStrictSSL": false in your settings.json file.

This should work to get around the issue of installing extensions inside a corporate network, but I'd recommend disabling the setting if you are going to be working from home/coffee shop and not connected to the corporate VPN.

https://github.com/Microsoft/vscode/issues/3492


I was having the same issue, not when installing an extension, but when a certain extension was trying to download data. Adding "http.proxyStrictSSL": false to my settings file did not work. Disabling SSL is also a really bad idea.

The resolution was to install the Visual Studio Code win-ca plugin which makes trusted Windows certificates available to extensions.


There is actually a better way:

Since VS Code is built on Chromium the "proxy settings should be picked up automatically" from Google Chrome/Chromium. So if you add your self-signed certificate in Chrome/Chromium by going to:

  1. chrome://settings/privacy
  2. Manage certificates
  3. Authorities / Import
  4. Select and import your certificate (pem-file)
  5. Restart VS Code

I was able to download VS Code extensions despite being behind a corporate proxy.

Remark: Ubuntu 18.04 and VS Code works only with Chrome and not Chromium.


EDIT: Still works in 2021 on Big Sur and Catalina, maybe others

First, make sure that the certificates are installed and trusted (I have them in the System category).

Then, go into VScode settings, Application, Proxy, and UNCHECK the "System certificates" option. Restart vscode and RE-CHECK it. Restart again, and it works.

No idea why you have to do this, but it worked for me. I was very surprised. The error I was getting in the developer console (Help - toggle developer tools - console tab) was "self signed certificate in certificate chain".


I had to add the corporate certificate as a root CA to my local NSS store to get this to work.

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n <certificate nickname> -i <certificate filename>

See this GitHub issue for more info.

Related

What does it mean to bind() a socket to any address other than localhost?
Testing a redirect to a new route with Cypress
Lombok hashCode:: 1. Why good? 2. Why no compile error? [closed]
Attempting to concatenate multiple rows.. unexpected results
Optional chaining operator support in VSCode
Android - drag and drop - list rearrange
How do I draw lines using XNA?
What are the pitfalls of a Java noob? [closed]
Which is better: Bookmark/Key Lookup or Index Scan
How to add an attention mechanism in keras?
Java socket.io client
Qt Framework, PyQt5 and AttributeError: 'MyApp' object has no attribute 'myAttribute'