Claude Desktop Code tab ignores NODE_EXTRA_CA_CERTS on Windows MSIX install behind corporate SSL proxy
Environment
- Claude Desktop version: 1.14271.0.0 (MSIX/Windows Store install)
- Platform: Windows 11 Enterprise
- Backend: Corporate LMG gateway behind SSL inspection proxy (self-signed cert)
- Leidos Cloud PKI Root CA-2 installed in Windows trusted root store
Describe the bug
The Claude Desktop Code tab fails with a cert error when behind a corporate SSL inspection proxy, even after correctly configuring NODE_EXTRA_CA_CERTS. The terminal Claude Code CLI works fine with the same cert configuration.
Error shown in Code tab:
API Error: Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates
Exit code in logs:
Failed to get commands from temporary query {
error: Error: Claude Code process exited with code 3
What was tried
NODE_EXTRA_CA_CERTSset as a Windows User environment variable pointing to the CA cert — ignored by Desktop (MSIX sandboxed app does not inherit Windows user env vars)envblock added toclaude_desktop_config.jsonwithNODE_EXTRA_CA_CERTS— Desktop rewrites this file on every restart, stripping unknown fields including theenvblockNODE_EXTRA_CA_CERTSadded tosettings.jsonenv block — passed to theclaude.exesubprocess but the Electron layer itself still fails cert validation before the subprocess starts- CA cert imported into Windows
LocalMachine\Roottrusted store — Electron ignores Windows system cert store and uses its own bundled store
Root cause
Claude Desktop's Electron layer uses its own bundled cert store and does not use NODE_EXTRA_CA_CERTS or the Windows system cert store for its own TLS connections (OAuth, session init, etc.). The claude.exe subprocess it spawns can be configured via settings.json, but the Electron layer's startup queries (get commands, get agents) fail before the subprocess even starts.
Expected behavior
NODE_EXTRA_CA_CERTS configured in claude_desktop_config.json (or another durable config location) should be respected by the Electron process itself, not just the subprocess it spawns. Alternatively, an --use-system-ca-store flag or equivalent should be supported for enterprise deployments.
Workaround
Use the terminal Claude Code CLI instead of Desktop's Code tab. The CLI correctly reads NODE_EXTRA_CA_CERTS from settings.json env block and works behind the corporate proxy.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗