当设置时,众所周知的 "root" CA(如 VeriSign)将使用 file 中的额外证书进行扩展。 该文件应包含一个或多个 PEM 格式的可信证书。 如果文件丢失或格式不正确,则将使用 process.emitWarning() 触发消息消息(一次),否则将忽略任何错误。

当为 TLS 或 HTTPS 客户端或服务器显式指定 ca 选项属性时,则既不会使用众所周知的证书,也不会使用额外的证书。

node 作为 setuid root 运行或设置了 Linux 文件功能时,则将忽略此环境变量。

NODE_EXTRA_CA_CERTS 环境变量仅在 Node.js 进程第一次启动时读取。 在运行时使用 process.env.NODE_EXTRA_CA_CERTS 更改值对当前进程没有影响。

When set, the well known "root" CAs (like VeriSign) will be extended with the extra certificates in file. The file should consist of one or more trusted certificates in PEM format. A message will be emitted (once) with process.emitWarning() if the file is missing or malformed, but any errors are otherwise ignored.

Neither the well known nor extra certificates are used when the ca options property is explicitly specified for a TLS or HTTPS client or server.

This environment variable is ignored when node runs as setuid root or has Linux file capabilities set.

The NODE_EXTRA_CA_CERTS environment variable is only read when the Node.js process is first launched. Changing the value at runtime using process.env.NODE_EXTRA_CA_CERTS has no effect on the current process.