Adobe Developer

SrikanthPo3 · 1/21/25

Hi All,

I am trying to set up aio CLI to perform certain operations on API Mesh part of Adobe Commerce integration with AEM. After installing node, npm and aio CLI, running aio auth:login command, authentication is successful but running aio api-mesh describe command gives below error. I am within a corporate network, executing from windows command prompt. Can anyone help in getting this issue resolved? I am unable to select organization/workspace/project because of this issue.

C:\Users\spogula>aio api-mesh describe
| Getting Organizations...    CoreConsoleAPIError: [CoreConsoleAPISDK:ERROR_GET_ORGANIZATIONS] FetchError: request to https://developers.adobe.io/console/organizations failed, reason: unable to get local issuer certificate
        at ClientRequest.<anonymous> (C:\Users\spogula\AppData\Local\@adobe\aio-cli\node_modules\@adobe\aio-lib-core-networking\node_modules\node-fetch\lib\index.js:1501:11)
        at ClientRequest.emit (node:events:513:28)
        at TLSSocket.socketErrorListener (node:_http_client:502:9)
        at TLSSocket.emit (node:events:513:28)
        at emitErrorNT (node:internal/streams/destroy:151:8)
        at emitErrorCloseNT (node:internal/streams/destroy:116:3)
        at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
      type: 'system',
      errno: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
      code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
    }
    Code: ERROR_GET_ORGANIZATIONS

sarav_prakash · 2/3/25

Got it. Then narrows to zscaler, local firewall blocking. In my case, my offshore only work against same dev workspace in single AIO project. Stage and Prod, I was taking care as I dont have zscaler issue. So it was one time issue for offshore.

In your case, if you are multiple times switching workspaces or AIO projects, your network team must allow the adobe certs. You may need to raise your network team request stating zscaler is blocking adobe certs.

View solution in original post

SrikanthPo3 · 1/21/25

node -v : v18.16.0
npm -v : 9.5.1
aio -v : @Deleted Account/aio-cli/10.3.1 win32-x64 node-v18.16.0

rojoangel · 1/21/25

Hi @SrikanthPo3,

before running

aio api-mesh describe

could you try selecting manually the org, project, and workspace to use by running these commands?

aio console org select
# and select your IMS Org

aio console project select
# and select the console project that contains your API Mesh

aio console workspace select
# and select the workspace where your API Mesh is or will be deployed

# link your local project with the App Builder project in the Adobe Dev Console
aio app use

Ref: https://developer.adobe.com/graphql-mesh-gateway/mesh/basic/work-with-mesh/#select-a-project-or-work...

SrikanthPo3 · 1/31/25

Hi @rojoangel

aio console org select is giving the same error as above. Our organization is using pac file for controlling traffic and SSL bypass is not a viable option as per our IT team. Is there an option to pass/set proxy to aio commands?

sarav_prakash · 1/30/25

Many times cert errors are related to local firewall. Can you please try outside VPN, VDI or any turn off any firewall tools like ZScalar. For my offshore team, zscalar blocks a lot of traffic, and turning off many times resolved such cert errors.

sarav_prakash · 1/30/25

If for local, easier fix is to, simply turn off global cert validation using

npm config set strict-ssl false

and

SET NODE_TLS_REJECT_UNAUTHORIZED=0       //For Windows command line

But this is not recommended. Its ok to temporarily turn off and reset later.

SrikanthPo3 · 1/31/25

Hi @sarav_prakash

I have both these configured but still I get the same error with additional warning when NODE_TLS_REJECT_UNAUTHORIZED=0 is set.

sarav_prakash · 2/1/25

Got it. many times its local firewall blocking. If you see zscaler running in machine, request your helpdesk to temporarily disable or get admin rights temporarily so you can disable. my offshore faced same error and thats how they solved it.

SrikanthPo3 · 2/2/25

Hi @sarav_prakash

Do I need to disable zscaler every time I want to run aio commands? Or is it the first time only? I am afraid our orgnization's IT team may not agree to disable Zscaler. Can you please suggest any other alternate solutions for this?

sarav_prakash · 2/3/25

Got it. Then narrows to zscaler, local firewall blocking. In my case, my offshore only work against same dev workspace in single AIO project. Stage and Prod, I was taking care as I dont have zscaler issue. So it was one time issue for offshore.

In your case, if you are multiple times switching workspaces or AIO projects, your network team must allow the adobe certs. You may need to raise your network team request stating zscaler is blocking adobe certs.

ElliteHa · 4/25/25

While setting up Adobe I/O CLI to interact with API Mesh for Adobe Commerce and AEM integration, I completed the installation of Node.js, npm, and aio CLI. After running aio auth: login, authentication completes successfully. However, running aio api-mesh describe from a Windows command prompt within a corporate network throws:"UNABLE_TO_GET_LOCAL_ISSUER_CERT_LOCALLY". It can occur when an SSL certificate cannot be verified or confirmed due to the absence or lack of the issuer’s certificate in the local trust store. This seems related to SSL certificate validation behind a corporate proxy.

Since the CLI doesn't proceed to let me select organization, workspace, or project, I’m looking into possible ways to configure trusted certificates or bypass strict validation in this setup. Has anyone dealt with something similar and found a reliable approach? While figuring out the issue, I found a helpful resource guide and followed the steps, You can also check it out at:- https://cheapsslweb.com/blog/fixing-unable-to-get-issuer-cert-locally-error/. I hope it helps!

parussel · 4/25/25

You can specify your own CA for internal certs:

set NODE_EXTRA_CA_CERTS=C:\\path\\to\\certificate.pem

Adobe Developer

aio commands give local issuer certificate error

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe