Troubleshoot certificate errors

Problem

Error message Unable to get local issuer certificate or something with certificate path.

Solution

• Add all certificates in the correct chain to the operating system, the environment (JDK), or both that the certificate is running on.

• Set Allow unknown certificate authority in the IDE or

• Pass the --insecure argument to the Snyk CLI executable using settings, This does not solve Download, API access, and Snyk Code communication.

Custom Certificate Authorities

Java

The CA and intermediate certificates must be added to the certificate store of each JDK used.

See Import the Certificate as a Trusted Certificate (The Java™ Tutorials > Security Features in Java SE > Signing Code and Granting It Permissions).

Eclipse

• Update the JDK used by Snyk scans to add unknown certificates.

• Update to the latest CLI and pugin version.

• CLI download can be re-triggered by deleting the CLI. The path is shown in the Snyk Preferences.

IntelliJ

• See Trusted root certificates | IntelliJ IDEA.

• Updating the Jetbrains certificate handling only will most likely not be sufficient, as the CLI does not use Jetbrains settings, but JAVA_HOME and PATH to determine a JDK. This JDKs certificate store must be updated.

VSCode

Try using thewin-ca extension to make Trusted Root Certificates available to the extension.

See win-ca.

Another option is using environment variables; see How to add custom certificate authority (CA) to nodejs .

The last resort is to disable Certificate checks. Add --insecure to additional arguments to disable checks in the CLI, and uncheck the setting to use a strict proxy (http.proxyStrictSSL) in VSCode to disable certificate checks in https calls.