How do I get Visual Studio Code to trust our self-signed proxy certificate?
Our corporate firewall/proxy is keeping VS Code from being able to install extensions because Code doesn't trust something in the chain. It doesn't reliably give an error, but when it does, it's this: "self signed certificate in certificate chain".
This seems like it's an OpenSSL error, but I don't have enough familiarity with OpenSSL to know how to trust the certificate?
This is a terrible answer (not very secure), but appears to be the current Microsoft official answer. Use "http.proxyStrictSSL": false
in your settings.json file.
This should work to get around the issue of installing extensions inside a corporate network, but I'd recommend disabling the setting if you are going to be working from home/coffee shop and not connected to the corporate VPN.
https://github.com/Microsoft/vscode/issues/3492
I was having the same issue, not when installing an extension, but when a certain extension was trying to download data. Adding "http.proxyStrictSSL": false
to my settings file did not work. Disabling SSL is also a really bad idea.
The resolution was to install the Visual Studio Code win-ca plugin which makes trusted Windows certificates available to extensions.
There is actually a better way:
Since VS Code is built on Chromium the "proxy settings should be picked up automatically" from Google Chrome/Chromium. So if you add your self-signed certificate in Chrome/Chromium by going to:
chrome://settings/privacy
- Manage certificates
- Authorities / Import
- Select and import your certificate (pem-file)
- Restart VS Code
I was able to download VS Code extensions despite being behind a corporate proxy.
Remark: Ubuntu 18.04 and VS Code works only with Chrome and not Chromium.
EDIT: Still works in 2021 on Big Sur and Catalina, maybe others
First, make sure that the certificates are installed and trusted (I have them in the System category).
Then, go into VScode settings, Application, Proxy, and UNCHECK the "System certificates" option. Restart vscode and RE-CHECK it. Restart again, and it works.
No idea why you have to do this, but it worked for me. I was very surprised. The error I was getting in the developer console (Help - toggle developer tools - console tab) was "self signed certificate in certificate chain".
I had to add the corporate certificate as a root CA to my local NSS store to get this to work.
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n <certificate nickname> -i <certificate filename>
See this GitHub issue for more info.