aws-toolkit-vscode icon indicating copy to clipboard operation
aws-toolkit-vscode copied to clipboard
verified publisher icon aws

Amazon Q self-signed certificate in certificate chain in VSCode

Open shunia opened this issue 7 months ago • 2 comments

Problem

When trying to chat in VSCode, the response shows as "self-signed certificate in certificate chain", while the inline completion feature works fine.

Steps to reproduce the issue

We are having an enterprise network here with self-signed certs, but all the settings have been done in windows system, it's been fixed for other extension before, but now Amazon Q seems not to work with there settings. What we have done here includes:

  1. Set VSCode Http: Proxy Support to override
  2. Add system environment variables NODE_EXTRA_CA_CERTS=path/to/certs and NODE_OPTIONS=--use-openssl-ca
  3. Tried VSCode settings "http.experimental.systemCertificatesV2": true

None of the above is working

Expected behavior

Inline Completion and Chat should both work, or they should just won't work altogether.

System details (run AWS: About and/or Amazon Q: About)

  • OS: Windows 10
  • Visual Studio Code version: 1.100.2
  • AWS Toolkit version: Not installed
  • Amazon Q version: 1.70.0

shunia avatar May 30 '25 02:05 shunia

related:

  • https://github.com/aws/aws-toolkit-vscode/issues/185

justinmk3 avatar May 30 '25 17:05 justinmk3

Amazon Q is getting blocked in my org

bibinmjose avatar Jun 13 '25 04:06 bibinmjose

any updates?

freshdip avatar Aug 07 '25 21:08 freshdip

Just an update, we had to shut off the SSL inspection to the following: URL's: https://codewhisperer.us-east-1.amazonaws.com (Inline,Chat, QSDA,...) https://q.us-east-1.amazonaws.com (Inline,Chat, QSDA....)

This fixed the issue for me.

Reference: https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/endpoints.html#w8aac13c19b9

freshdip avatar Aug 07 '25 21:08 freshdip