Newman "self signed certificate" TLS error in CI
Newman established a TLS connection but could not validate the server certificate chain, because the test API serves a self-signed or internally-signed certificate the runner does not trust. The request errors before any assertion runs.
What this error means
Newman fails requests with "Error: self signed certificate" or "unable to verify the first certificate" against an HTTPS base URL.
GET Get user
Error: self signed certificate
at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34)Common causes
The test API uses a self-signed certificate
A staging or ephemeral test endpoint presents a certificate signed by a CA not in the runner trust store, so verification fails.
A corporate proxy intercepts TLS
A TLS-inspecting proxy re-signs traffic with an internal CA the runner does not trust, breaking the chain Newman validates.
How to fix it
Disable verification only for a test endpoint
Use --insecure to skip certificate validation. Do this only against a throwaway test API, never a production target.
newman run collection.json -e ci.postman_environment.json --insecureTrust the CA properly instead
For an internal CA, point Node at the CA bundle so the chain validates without disabling verification.
export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/corp-ca.pem
newman run collection.json -e ci.postman_environment.jsonHow to prevent it
- Reserve
--insecurefor disposable test endpoints only. - Trust an internal CA via NODE_EXTRA_CA_CERTS rather than disabling verification.
- Use properly signed certificates for any long-lived staging target.