New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS CodeWhisperer for Visual Studio - self-signed certificate in certificate chain #403
Comments
Thanks for bringing this issue to our attention. Do you have CAs registered on your Windows workstation for the self-signed certificates? Can you provide more detail on how you narrowed it down to NetSkope? |
Our corporate ones do, yes. The reasons I focused on NetSkope were:
|
The CodeWhisperer feature utilizes NodeJS, which is where the networking error appears to be originating. As a workaround for now, you could try using NodeJS' own command line args to bypass the check as you were interested in doing in your original post. You could try to set |
I'm not sure if this is relevant, but CodeWhisperer / Amazon Q running in VSCode on the same machine works just fine out of the box. So it's definitely something specific to Visual Studio. Since you mentioned NodeJS, I have also tried with both Node 16.13 and 18.16 to see if the Node version was relevant. |
The issue is not replicable in VScode since unlike the AWS Toolkit for VSCode, the CodeWhisperer feature in Visual Studio utilizes a language server with NodeJS runtime. Based on your previous comment it seems like the cert you are using might be misconfigured, which is probably the reason for the error you are seeing. Once the cert is correctly configured and trusted, please reach out if you are still running into issues. |
We are seeing the same "self-signed certificate in certificate chain" messages in Visual Studio 2022 and our organisation is also using NetSkope. I've checked the certificate, and it looks correctly configured. Locally, the certificate is stored in the Intermediate Certificate Authorities folder. Is there anything else we should be checking for? Likewise, the VScode plugin works correctly. |
NetSkope is our corporate VPN/ZTN provider, so this is not something that I as a developer / user have any control over. Would be nice if the VS plugin provided a way to specify a flag (such as in configuration) to ignore these errors. |
Another thing to try in addition to the above mentioned workaround is to try setting env variable We'd recommend trying this with a test/dev environment only. |
This did not have any effect either. I'm currently in discussions with our NetSec team to see if they have any workarounds for this issue. |
Describe the bug
Upon installing the AWS Toolkit and setting up CodeWhisperer to provide suggestions, no suggestions appear and the following message appears in the log every time a suggestion is requested with Alt-C:
This machine is on our corporate network, which uses self-signed certs for a number of services. Although I'm not certain, I believe the specific one in this case may be for NetSkope.
Many tools have an option to ignore self-signed certificate errors, but the AWS Toolkit settings pane does not appear to offer any such option.
To Reproduce
Expected behavior
CodeWhisperer allows self-signed certificates and generates code suggestions.
Toolkit Logs
*** Amazon Web Services log ***
*** Amazon CodeWhisperer Language Client logs ***
Development System (please complete the following information):
The text was updated successfully, but these errors were encountered: