Newman insecure not working

I am using flags -k and --insecure (I tried to use only one too), but I can’t get it to work, I run collection like this

newman run ./collection.json --ssl-client-cert-list ./ssl-client-cert.json -k --insecure

but I am still getting ssl errors. I tried different param order, changing ssl-client-cert-list to -ssl-client-cert and --ssl-client-key, but I always end up with ssl error

[errored] self-signed certificate

Confirmed that in curl when I use --cert --key --insecure there is no ssl error

newman run -h , shows -k and --insecure
newman -v , shows 6.0.0

I even tried setting NODE_TLS_REJECT_UNAUTHORIZED=0, and in that case I end up with this, when I run collection

(node:119) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to ‘0’ makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use node --trace-warnings ... to show where the warning was created)

I am running newman commands from container, newman is installed like this.

RUN npm install newman newman-reporter-xunit
&& apk -U add curl bash httpie py-pip jq
&& pip install yq

I got this error from ci/cd script and even if I manually get into container (docker exec -it id bash) and run newman command directly.

Any idea what is causing this problem ?

Edit: Tried with version 5.3.2 and i got the same ssl errors

As far as I can tell this might be an issue with the client certificate authentication, if that is the case it’s fundamentally different from the insecure flag.
If you have control over the server you might try to temporarily disable the client auth feature and retry the request, if this time it works then maybe the format for the certificate file you are providing is not completely supported in newman.
Postman works normally with encrypted pkcs12 files, I’ve never tried with a plain unencrypted or even encrypted private key but it should work as well.
in newman it should be something like this:
–ssl-client-cert your_cert.pem --ssl-client-key your_key.pem --ssl-client-passphrase your_password

Given that curl with --insecure works fine and there is no ssl error I doubt that it has something with server, unless --insecure works different in newman than in curl.

Either way, I resolved this by creating and configuring custom ca for dev env, so that I don’t have to use insecure at all

Hi @maciaraf ,

Thanks for reaching out about this. I can see you’ve done your due diligence in trying to troubleshoot this, but let’s break down the problem and try to present a few potential solutions.

  1. Verify Certificate: First and foremost, verify that the certificate and the key you’re providing are correct and match. Sometimes, the issue can be as simple as pointing to the wrong files.
  2. Skip Verification: Since you’re using the -k or --insecure flag, Newman should bypass strict SSL. However, given the errors, it’s evident this isn’t working as expected. As a workaround, try the following environment variable before your Newman command:
    export NODE_EXTRA_CA_CERTS=[path_to_your_certificate]
    This will effectively inform Node.js to use the provided certificate for SSL.
  3. Config File: Sometimes, it’s easier to manage Newman settings using a config file. You can create a newmanrc.json in the root of your project with the following content:
        "insecure": true
    Then, when you run Newman, it will pick up this config by default.
  4. Debug: Consider adding the --verbose flag to your Newman command to see more detailed logs. This might give more insights into where the problem is coming from.
  5. Newman Image: If you’re using a Newman Docker image, ensure you’re pulling from the official source. Some unofficial images might have modifications or out-of-date versions.
  6. NODE_TLS_REJECT_UNAUTHORIZED: While you’ve tried setting it to 0, consider also running it directly in the command:
    This might differ from setting it in the environment separately.
  7. Version Issues: While you’ve tried both 6.0.0 and 5.3.2, consider dropping back even further to see if it’s a regression issue. It’s a long shot, but might be worth trying if all else fails.

I hope one of these helps! If not, please do reach out to our official support channel with some more detailed logs and specifics of your setup so that the team can further dig into the problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.