docs: Better documentation of trusting SSL certs#215
Conversation
End-to-end Test Summary
Detailed Test Results
Failed Test SummaryNo failed tests ✨Flaky Test SummaryNo flaky tests detected. ✨ |
Unit Test Summary
Detailed Test Results
Failed Test SummaryNo failed tests ✨Flaky Test SummaryNo flaky tests detected. ✨ |
mofojed
left a comment
There was a problem hiding this comment.
Add a little more context to the PR description.
In particular, I think it's important we put the ticket number for VS Code tracking this.
In their documentation: https://code.visualstudio.com/docs/setup/network#_legacy-proxy-server-support
Extensions don't benefit yet from the same proxy support that VS Code supports. You can follow this issue's development in GitHub.
And the issue itself has some information on their efforts: microsoft/vscode#12588
| Deephaven servers using self-signed certificates or internal CA's will require configuring VS Code to trust the signing certificate. | ||
|
|
||
| 1. Save the signing certificate in PEM format somewhere on the machine running VS Code. Multiple certificates can be concatenated together in the same file if there are multiple certs that need to be configured. | ||
| 1. Set the `NODE_EXTRA_CA_CERTS` environment variable to the path of the signing certificate. |
There was a problem hiding this comment.
| 1. Set the `NODE_EXTRA_CA_CERTS` environment variable to the path of the signing certificate. | |
| 2. Set the `NODE_EXTRA_CA_CERTS` environment variable to the path of the signing certificate. |
There was a problem hiding this comment.
@mofojed Is this change necessary? Markdown rendererer "should" auto number these.
There was a problem hiding this comment.
You can see the output in the branch:
https://github.com/deephaven/vscode-deephaven/tree/DH-18191-2_logs-and-docs?tab=readme-ov-file#ssl-certificates
There was a problem hiding this comment.
Yes it does auto number them, was a nitpick.
| setx NODE_EXTRA_CA_CERTS C:\Path\To\cert.pem | ||
| ``` | ||
| > Note that paths in env variables should not be wrapped in quotes on Windows. | ||
| 1. Start VS Code in a shell that has the `NODE_EXTRA_CA_CERTS` variable set. |
There was a problem hiding this comment.
| 1. Start VS Code in a shell that has the `NODE_EXTRA_CA_CERTS` variable set. | |
| 3. Start VS Code in a shell that has the `NODE_EXTRA_CA_CERTS` variable set. |
There was a problem hiding this comment.
Same here, Markdown supports numbering as 1. 1. 1. ... and auto increments. Makes it easier to insert / re-order in the future without modifying every line.
@mofojed I'm not sure this is directly related to proxy support. It's a NodeJs nuance of trusting SSL certificates. Even if there is no proxy involved, a signing cert that is not included in the NodeJS install won't be trusted without this config. I've updated the PR description with some more context. |
|
@bmingles Okay I found one comment on that linked issue though that seems interesting: microsoft/vscode#12588 (comment)
Sounds like if they provided that |
|
@mofojed I've added a reference to that comment in the PR description. I also added a comment to that issue to see if anyone can provide a more direct link to Chrome |
DH-18191: Better documentation of trusting SSL certs
NodeJS doesn't use the OS cert store to determine which signing certificates it trusts. Instead, it has a static list of trusted certs included in the install. For certificates not in this list, there is a
NODE_EXTRA_CA_CERTSenvironment variable that can be set to tell NodeJS about additional certs to trust. This PR updates the docs with instructions of how to set this.