Skip to content

Axios migration broke NODE_EXTRA_CA_CERTS / corp MITM cert trust #1758

Description

@chirag127

Summary

After the Axios migration, requests behind a corporate MITM proxy (which injects a custom CA certificate) fail with CERT_UNTRUSTED / unable to verify the first certificate.

Steps to reproduce

  1. Set NODE_EXTRA_CA_CERTS=/path/to/corp-ca.pem in the system environment
  2. Open VS Code + Thunder Client behind a corporate MITM proxy (Zscaler, BlueCoat, etc.)
  3. Make any HTTPS request

Result: SSL error — CERT_UNTRUSTED
Expected: Request succeeds, same as before the Axios migration

Root cause

NODE_EXTRA_CA_CERTS is a standard Node.js mechanism for injecting extra CA certificates into the TLS trust store. The previous HTTP client honored it automatically. Axios does not pick it up by default — it uses its own TLS configuration and ignores this env var unless explicitly wired.

Workaround

None currently. Users in corporate environments with MITM SSL inspection are blocked.

Request

Either:

  • Read NODE_EXTRA_CA_CERTS at startup and pass the cert to Axios's httpsAgent CA option, or
  • Provide a Thunder Client setting to specify a custom CA certificate path

This is a regression introduced by the Axios migration that affects all corporate users behind MITM proxies.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions