+ Start a Discussion
Bryan BurmanBryan Burman 

"Unable to verify the first certificate" When Logging In Using SFDX

I am unable to successfully login using the Salesforce DX CLI. I have tried numerous techniques, all to no avail. In am on Windows 10 utilizing the latest version of the CLI from Powershell and Google Chrome as my web browser.

As a side note, the "sfdx update" command works successfully.

Technique 1. When logging in using what is supposed to be the easiest approach by using force:auth:web:login, the CLI opens a web browser. Once I enter my credentials, the OAuth flow calls back into localhost:1717, but apparently the CLI isn't listening. Chrome complains with an ERR_EMPTY_RESPONSE and no response payload. Command line indicates "Unable to verify the first certificate." Turning on logging (even at the trace level) does not reveal any additional information.

Technique 2. I created a self-signed certificate using openssl along with a new connected app. Then using the CLI, I utilized the force:auth:jwt:grant function. This failed with the same error message as above: "Unable to verify the first certificate."

Technique 3. I disabled SSL verification and strict SSL in npm and forced the CLI to go through Fiddler. I then configured Fiddler to ignore certificate errors. Still, neither one of the above techniques worked after this.

Any idea what I'm doing wrong?
Mouhamed N'DIONGUEMouhamed N'DIONGUE
Hi,
Do you have found any solution for this ? I have the exact same error and have used same technics. I have the issue only when I use my professional computer that is behind a proxy but with my personnal PC no problem. It seems like the problem comes from the specifications of the intermediate certificates.
Rafael Martins Dos SantosRafael Martins Dos Santos
Hi,

Did someone found the answer?
I'm having the same problem.
Problem with port 1717 and the certificate using the VS Code. 
Akshay Jain 109Akshay Jain 109
Hi,

Your firewall should allow access to localhost:1717, your computer should have a free port at 1717 (meaning, only one copy of the command line should be running at once), you should update your command line to the latest version via sfdx update, or as a final resort, try reinstalling the command line. You might also need the assistance of IT if your firewall, antivirus, or some other configuration is blocking access to localhost.
Akshay Jain 109Akshay Jain 109
This issue may arise when you are working from a restricted desktop eg from office desktop. Try using your personal desktop and the issue will be resolved.
Jirong HuJirong Hu
I just updated the CLI to the latest, and now give me a new error says "r: Error authenticating with JWT config due to: certificate has expired