Certificates
Certificates perform two functions in NIM:
Certificates are stored (encrypted) in C:\ProgramData\Tools4ever\NIM\config\certs
.
All certificates imported into NIM must be in .pfx
or .p12
format. Certificates used to connect to REST systems must be obtained from the provider (e.g., Microsoft or Google). For HTTPS, self-signed certificates may be used.
To import a certificate, Add a certificate.
To enable HTTPS, Configure HTTPS.
In order to be notified of a pending certificate expiration, follow along with the Certificate Expiration Notification Tutorial.
Troubleshooting
In some cases, the certificate list will not load. Inspect the NIM logs and look for errors such as the following:
{"context":"","level":"verbose","message":"ACME: HTTP request: get https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:27.325Z"} {"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 1/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:27.408Z"} {"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 5 seconds","timestamp":"2025-08-22T17:42:27.408Z"} {"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 2/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:32.512Z"} {"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 10 seconds","timestamp":"2025-08-22T17:42:32.512Z"} {"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 3/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:42.604Z"} {"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 15 seconds","timestamp":"2025-08-22T17:42:42.604Z"} {"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 4/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:57.693Z"} {"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 20 seconds","timestamp":"2025-08-22T17:42:57.693Z"} {"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 5/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:43:17.764Z"} {"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 25 seconds","timestamp":"2025-08-22T17:43:17.765Z"}
Such errors mean that there is an error in web filtering or there is a certificate that is not trusted. To resolve this issue, you can make a change to NIM's registry keys.
On the NIM server, open the registry editor.
Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIM\
.Create a new key called
env
.Depending on your need, create one or both of the following String values:
NODE_EXTRA_CA_CERTS. NIM will trust certificate files listed in this value. Provide the full path to the .cer file. E.g.,
C:\ProgramData\Tools4ever\NIM\config\certs\MyCert.cer
NODE_TLS_REJECT_UNAUTHORIZED. Set this value to
0
to allow NIM to accept unauthorized certificates.
