How to Fix VS Code 'Self Signed Certificate' Errors (Corporate Proxy Guide)

intermediate💻 VS Code2026-07-06| VS Code (1.60+), Windows 10/11, macOS, Linux, Corporate Networks

Error Message

Error: self signed certificate in certificate chain
#vscode#ssl-error#proxy-settings#nodejs

The Problem ScenarioYou’re five minutes away from a deadline and need a critical extension like GitHub Copilot or Prettier. You hit 'Install,' but instead of a progress bar, VS Code throws a 'self signed certificate in certificate chain' error. It’s a classic corporate network headache.

This usually happens when you are working behind a firewall or a VPN that uses SSL inspection. The proxy intercepts your traffic and replaces the original certificate with its own. VS Code sees this 'unauthorized' middleman and kills the connection to keep you safe.

The Root Cause: Node.js vs. Your SystemVS Code runs on Electron and Node.js. By default, Node.js uses its own hardcoded list of trusted Root Certificate Authorities (CAs). It often ignores the certificates you’ve already installed in your Windows Certificate Store or macOS Keychain. When your company’s proxy injects a 2048-bit self-signed certificate into the chain, Node.js doesn't recognize it. The handshake fails immediately.

The 'Quick Fix' (Use with Caution)If you are on a tight deadline, you can tell VS Code to stop being so picky. This is the fastest way to get your extension working. Warning: This lowers your security. It stops VS Code from verifying the identity of the servers you connect to, which could theoretically expose you to real Man-in-the-Middle attacks.

  • Open VS Code Settings (Ctrl + ,).- Search for proxy strict ssl.- Uncheck Http: Proxy Strict SSL.Or, paste this directly into your settings.json:
{
  "http.proxyStrictSSL": false
}

Your extension should install instantly. Treat this as a temporary patch, not a permanent solution.

The Professional Fix: Sync with the System StoreModern VS Code versions (1.60 and later) include a built-in way to handle corporate proxies without disabling security. Instead of ignoring SSL errors, you can force VS Code to trust the same certificates your browser uses.

Method 1: Enable System Certificate Support- Go to Settings.- Search for system certificate.- Locate Http: System Certificate Proxy Support.- Change the setting from off to on.- Restart VS Code.This is the cleanest method. It allows VS Code to inherit the trust established by your IT department.

Method 2: The NODE_EXTRA_CA_CERTS VariableIf the setting above fails, you can manually point the underlying Node.js process to your company’s root certificate file (usually a .pem or .cer). Export your corporate CA from your browser or keychain first.

On Windows (PowerShell):

$env:NODE_EXTRA_CA_CERTS="C:\Users\Admin\Documents\corp-root-ca.pem"
code .

On macOS/Linux:

export NODE_EXTRA_CA_CERTS="/Users/name/certs/corp-root-ca.pem"
code .

To make this stick, add the variable to your System Environment Variables (Windows) or your .zshrc file (Mac/Linux).

Alternative: Terminal InstallationSometimes the GUI gets stuck while the terminal works fine. You can try forcing the installation via the Command Line Interface (CLI). This often inherits proxy settings from your shell more reliably than the Extension Marketplace UI:

code --install-extension esbenp.prettier-vscode

Verifying the FixDon't just assume it's fixed because the error vanished. Re-enable Http: Proxy Strict SSL and try searching for a new extension. Then, open the Output tab and select Log (Window) from the dropdown. If you don't see any SSL handshake warnings, you're in the clear.

Network Debugging TipsStill hitting a wall? The issue might be your proxy configuration or a misconfigured subnet. When I troubleshoot complex corporate segments, I often need to verify if a specific IP range is actually reachable. I use the Subnet Calculator on ToolCraft to check CIDR blocks and gateway addresses. It’s a lightweight, browser-based tool that doesn't require an install—perfect for locked-down corporate laptops.

SummaryThe self signed certificate error is a conflict between Node.js's strict defaults and your network's security layer. While turning off proxyStrictSSL works in a pinch, enabling System Certificate Proxy Support is the safer, professional choice for long-term development.

Related Error Notes