Open
Description
- Newman Version (can be found via
newman -v): 5.3.2 - OS details (type, version, and architecture): Win 10 x64
- Are you using Newman as a library, or via the CLI? Library in Node 16 app
- Did you encounter this recently, or has this bug always been there: always been there
- Expected behaviour: Newman should respect insecure and sslExtraCaCerts options to allow requests to sites with not valid certs
- Command / script used to run Newman:
newman.run({
collection: chosenCollection,
environment: chosenEnvironment,
folder: folder.name,
reporters: ['htmlextra'],
reporter: {
htmlextra: htmlExtraConfig
},
sslClientCert: path.join(__dirname, './some.cer'),
sslClientKey: path.join(__dirname, './secrets/some.key'),
sslClientPassphrase: secrets.passphrase,
sslExtraCaCerts: path.join(__dirname, './some-website.pem'),
insecure: true,
Steps to reproduce the problem:
- Have a collection with requests against https sites using self signed certificates
- Use newman as a lib inside a node application. (Node 16 used)
- Run the application and check result
- Newman has no problems running requests against websites with valid certificates. But running requests against sites with not-valid certificates returns HTTP-503 status with response body like:
Untrusted SSL Server Certificate
Your request contacted a host which presented a certificate signed by an untrusted issuer.
This is typically caused by a Web Site presenting an incorrect or invalid certificate, but could be because of a configuration error.
This error should not exist with option insecure: true set or with custom sslExtraCaCerts of the requested site.
Running this collection in postman works with switched off "SSL certificate validation"