Summary
After the Axios migration, requests behind a corporate MITM proxy (which injects a custom CA certificate) fail with CERT_UNTRUSTED / unable to verify the first certificate.
Steps to reproduce
- Set
NODE_EXTRA_CA_CERTS=/path/to/corp-ca.pem in the system environment
- Open VS Code + Thunder Client behind a corporate MITM proxy (Zscaler, BlueCoat, etc.)
- Make any HTTPS request
Result: SSL error — CERT_UNTRUSTED
Expected: Request succeeds, same as before the Axios migration
Root cause
NODE_EXTRA_CA_CERTS is a standard Node.js mechanism for injecting extra CA certificates into the TLS trust store. The previous HTTP client honored it automatically. Axios does not pick it up by default — it uses its own TLS configuration and ignores this env var unless explicitly wired.
Workaround
None currently. Users in corporate environments with MITM SSL inspection are blocked.
Request
Either:
- Read
NODE_EXTRA_CA_CERTS at startup and pass the cert to Axios's httpsAgent CA option, or
- Provide a Thunder Client setting to specify a custom CA certificate path
This is a regression introduced by the Axios migration that affects all corporate users behind MITM proxies.
Summary
After the Axios migration, requests behind a corporate MITM proxy (which injects a custom CA certificate) fail with
CERT_UNTRUSTED/unable to verify the first certificate.Steps to reproduce
NODE_EXTRA_CA_CERTS=/path/to/corp-ca.pemin the system environmentResult: SSL error —
CERT_UNTRUSTEDExpected: Request succeeds, same as before the Axios migration
Root cause
NODE_EXTRA_CA_CERTSis a standard Node.js mechanism for injecting extra CA certificates into the TLS trust store. The previous HTTP client honored it automatically. Axios does not pick it up by default — it uses its own TLS configuration and ignores this env var unless explicitly wired.Workaround
None currently. Users in corporate environments with MITM SSL inspection are blocked.
Request
Either:
NODE_EXTRA_CA_CERTSat startup and pass the cert to Axios'shttpsAgentCA option, orThis is a regression introduced by the Axios migration that affects all corporate users behind MITM proxies.