aio commands give local issuer certificate error | Community
Skip to main content
S
SrikanthPo3
Level 5
January 21, 2025
Solved

aio commands give local issuer certificate error

  • January 21, 2025
  • 4 replies
  • 2596 views

Hi All,

I am trying to set up aio CLI to perform certain operations on API Mesh part of Adobe Commerce integration with AEM. After installing node, npm and aio CLI, running aio auth:login command, authentication is successful but running aio api-mesh describe command gives below error. I am within a corporate network, executing from windows command prompt. Can anyone help in getting this issue resolved? I am unable to select organization/workspace/project because of this issue.

C:\Users\spogula>aio api-mesh describe | Getting Organizations... CoreConsoleAPIError: [CoreConsoleAPISDK:ERROR_GET_ORGANIZATIONS] FetchError: request to https://developers.adobe.io/console/organizations failed, reason: unable to get local issuer certificate at ClientRequest.<anonymous> (C:\Users\spogula\AppData\Local\@adobe\aio-cli\node_modules\@adobe\aio-lib-core-networking\node_modules\node-fetch\lib\index.js:1501:11) at ClientRequest.emit (node:events:513:28) at TLSSocket.socketErrorListener (node:_http_client:502:9) at TLSSocket.emit (node:events:513:28) at emitErrorNT (node:internal/streams/destroy:151:8) at emitErrorCloseNT (node:internal/streams/destroy:116:3) at process.processTicksAndRejections (node:internal/process/task_queues:82:21) { type: 'system', errno: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY', code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' } Code: ERROR_GET_ORGANIZATIONS

 

Best answer by sarav_prakash

Hi @sarav_prakash 

Do I need to disable zscaler every time I want to run aio commands? Or is it the first time only? I am afraid our orgnization's IT team may not agree to disable Zscaler. Can you please suggest any other alternate solutions for this?


Got it. Then narrows to zscaler, local firewall blocking. In my case, my offshore only work against same dev workspace in single AIO project. Stage and Prod, I was taking care as I dont have zscaler issue. So it was one time issue for offshore. 

 

In your case, if you are multiple times switching workspaces or AIO projects, your network team must allow the adobe certs. You may need to raise your network team request stating zscaler is blocking adobe certs. 

4 replies

S
SrikanthPo3Author
Level 5
January 21, 2025
  • node -v : v18.16.0
  • npm -v : 9.5.1
  • aio -v : @61380/aio-cli/10.3.1 win32-x64 node-v18.16.0
    R
    Adobe Employee
    rojoangelAdobe Employee
    Adobe Employee
    January 22, 2025

    Hi @srikanthpo3,

     

    before running

    aio api-mesh describe

    could you try selecting manually the org, project, and workspace to use by running these commands?

    aio console org select # and select your IMS Org aio console project select # and select the console project that contains your API Mesh aio console workspace select # and select the workspace where your API Mesh is or will be deployed # link your local project with the App Builder project in the Adobe Dev Console aio app use

     Ref: https://developer.adobe.com/graphql-mesh-gateway/mesh/basic/work-with-mesh/#select-a-project-or-workspace

      S
      SrikanthPo3Author
      Level 5
      January 31, 2025

      Hi @rojoangel 

      aio console org select is giving the same error as above. Our organization is using pac file for controlling traffic and SSL bypass is not a viable option as per our IT team. Is there an option to pass/set proxy to aio commands?

      sarav_prakash
      Community Advisor
      sarav_prakashCommunity Advisor
      Community Advisor
      January 30, 2025

      Many times cert errors are related to local firewall. Can you please try outside VPN, VDI or any turn off any firewall tools like ZScalar. For my offshore team, zscalar blocks a lot of traffic, and turning off many times resolved such cert errors. 

        sarav_prakash
        Community Advisor
        sarav_prakashCommunity Advisor
        Community Advisor
        January 31, 2025

        If for local, easier fix is to, simply turn off global cert validation using 

        npm config set strict-ssl false  

         and 

        SET NODE_TLS_REJECT_UNAUTHORIZED=0       //For Windows command line

        But this is not recommended. Its ok to temporarily turn off and reset later. 

          S
          SrikanthPo3Author
          Level 5
          January 31, 2025

          Hi @sarav_prakash 

          I have both these configured but still I get the same error with additional warning when NODE_TLS_REJECT_UNAUTHORIZED=0 is set.

          E
          ElliteHa
          April 25, 2025

          While setting up Adobe I/O CLI to interact with API Mesh for Adobe Commerce and AEM integration, I completed the installation of Node.js, npm, and aio CLI. After running aio auth: login, authentication completes successfully. However, running aio api-mesh describe from a Windows command prompt within a corporate network throws:"UNABLE_TO_GET_LOCAL_ISSUER_CERT_LOCALLY". It can occur when an SSL certificate cannot be verified or confirmed due to the absence or lack of the issuer’s certificate in the local trust store. This seems related to SSL certificate validation behind a corporate proxy.

           

          Since the CLI doesn't proceed to let me select organization, workspace, or project, I’m looking into possible ways to configure trusted certificates or bypass strict validation in this setup. Has anyone dealt with something similar and found a reliable approach? While figuring out the issue, I found a helpful resource guide and followed the steps, You can also check it out at:- https://cheapsslweb.com/blog/fixing-unable-to-get-issuer-cert-locally-error/. I hope it helps!

          P
          Adobe Employee
          parusselAdobe Employee
          Adobe Employee
          April 25, 2025

          You can specify your own CA for internal certs: 

           

          set NODE_EXTRA_CA_CERTS=C:\\path\\to\\certificate.pem
          Terms & ConditionsAccessibility statement

          Loading footer...