Hello,
my balenaOS image fails to connect to the cloud, same for CLI balena login.
balena login -debug gives:
FetchError: request to https://api.balena-cloud.com/user/v1/whoami failed, reason: unable to get local issuer certificate
at ClientRequest.<anonymous> (C:\MEINS\TOOLS\balena-cli\client\node_modules\node-fetch\lib\index.js:1461:11)
at ClientRequest.emit (events.js:326:22)
at ClientRequest.EventEmitter.emit (domain.js:483:12)
at TLSSocket.socketErrorListener (_http_client.js:427:9)
at TLSSocket.emit (events.js:314:20)
at TLSSocket.EventEmitter.emit (domain.js:483:12)
at emitErrorNT (internal/streams/destroy.js:92:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
at processTicksAndRejections (internal/process/task_queues.js:84:21)
I assume that is due to ZScaler proxy. I have its certificates but how get them into the OS and CLI?
by the way, can I work 100% locally on production using SSH as the manual says I need a dev image?
I understand you have the certificate in PEM format (-----BEGIN CERTIFICATE-----\nMIIE0zCCA7......hFjE0xd\n-----END CERTIFICATE-----), stored in a file say cert.pem.
For config.json you need to take the contents of the PEM file and base64-encode them using e.g. base64 -w0 < cert.pem then use the output for balenaRootCA in the config.json file.
For balena CLI, you need to populate the NODE_EXTRA_CA_CERTS variable, you can either prepend each command (e.g. NODE_EXTRA_CA_CERTS=cert.pem balena login) or do export NODE_EXTRA_CA_CERTS=cert.pem once at the very beginning and then use balena CLI as usual.
Windows: set NODE_EXTRA_CA_CERTS=C:\path\to\your\ca.pem
Use the UI to set a environment variable to make it more permanent. Noteca.pem should be just your CA.
but make sure don’t to use “…”, so
don’t: \balena-cli\bin>set NODE_EXTRA_CA_CERTS="C:\Users\...\Zscaler Root CA.cer"
do: \balena-cli\bin>set NODE_EXTRA_CA_CERTS=C:\Users\...\Zscaler Root CA.cer