Skip to content
Latchkey

Newman "self signed certificate" TLS error in CI

Newman established a TLS connection but could not validate the server certificate chain, because the test API serves a self-signed or internally-signed certificate the runner does not trust. The request errors before any assertion runs.

What this error means

Newman fails requests with "Error: self signed certificate" or "unable to verify the first certificate" against an HTTPS base URL.

newman
  GET Get user
    Error: self signed certificate
      at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34)

Common causes

The test API uses a self-signed certificate

A staging or ephemeral test endpoint presents a certificate signed by a CA not in the runner trust store, so verification fails.

A corporate proxy intercepts TLS

A TLS-inspecting proxy re-signs traffic with an internal CA the runner does not trust, breaking the chain Newman validates.

How to fix it

Disable verification only for a test endpoint

Use --insecure to skip certificate validation. Do this only against a throwaway test API, never a production target.

Terminal
newman run collection.json -e ci.postman_environment.json --insecure

Trust the CA properly instead

For an internal CA, point Node at the CA bundle so the chain validates without disabling verification.

Terminal
export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/corp-ca.pem
newman run collection.json -e ci.postman_environment.json

How to prevent it

  • Reserve --insecure for disposable test endpoints only.
  • Trust an internal CA via NODE_EXTRA_CA_CERTS rather than disabling verification.
  • Use properly signed certificates for any long-lived staging target.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →