Information in this post is accurate as of 30/06/2020
This is my first post in quite a while, please feel free to let me know if I've made any mistakes or something doesn't read quite right :)
After seeing quite a lot of posts / news about deno I thought I'd give it a try. I'm already quite familar with NodeJS / Typescript so I was excited about the built in Typescript support, but alas I was stumped right from the welcome example :sigh:
I executed the example command
deno run https://deno.land/std/examples/welcome.ts hoping to see
Welcome to Deno 🦕 but instead I was greated with this fine error:
error: error sending request for url (https://deno.land/std/examples/welcome.ts): error trying to connect: tcp connect error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (os error 10060)
After a few seconds of pondering I remembered I'm behind a corporate proxy, I dug around the Deno manual and found the page on proxies. Amazing I thought, Deno supports the
HTTPS_PROXY environment variables just like NodeJS! So it set them, and executed the welcome command again.
error: error sending request for url (https://deno.land/std/examples/welcome.ts): error trying to connect: invalid certificate: UnknownIssuer
huh, another error... Looks like there is a certifiacte in the chain that isn't signed by a known certificate authority (issuer)
After some googling and GitHub issue searching, I concluded the following:
- I'm behind a corporate proxy that snoops on HTTPS traffic using a custom certificate that is stored in Windows
- Deno doesn't read certificate authrotiies from the OS.
- Deno relies on rustls for TLS/SSL connections, which in turn relies on webpki which has its own certificate store.
deno runcommand accepts a
--certflag, with a path to the certificate(s) in PEM format (E.G
deno run --cert C:/corporateCerts.pem https://deno.land/std/examples/welcome.ts(This flag isn't in the Deno manual (I'm looking to change that)).
After adding in the
--cert flag, and executing again, I got the welcome message
Welcome to Deno 🦕!
Hope you enjoyed the read :)
HTTPS_PROXYto your proxy address
- if your corporate proxy snoops on HTTPS traffic you'll need to export the certificate it uses in PEM format and put it somewhere safe
deno runwith the
--certflag set to the path to the exported PEM file (E.G
deno run --cert C:/corporateCerts.pem https://deno.land/std/examples/welcome.ts)