Skip to content

[BUG] NODE_EXTRA_CA_CERTS is not effective when set in ~/.claude/settings.json #22512

Closed as not planned
Closed as not planned
[BUG] NODE_EXTRA_CA_CERTS is not effective when set in ~/.claude/settings.json#22512
Labels
area:corearea:securitybugSomething isn't workinghas reproHas detailed reproduction stepsplatform:macosIssue specifically occurs on macOSplatform:windowsIssue specifically occurs on WindowsstaleIssue is inactive
@zoltan-magyar

Description

@zoltan-magyar
zoltan-magyar
opened on Feb 2, 2026

Preflight Checklist

  • I have searched existing issues and this hasn't been reported yet
  • This is a single bug report (please file separate reports for different bugs)
  • I am using the latest version of Claude Code

What's Wrong?

This bug has been reported already in #10458

The issue still persists in the same way, since the issue was closed, I decided to create a duplicate.

When the NODE_EXTRA_CA_CERTS or SSL_CERT_FILE environment variables are set in ~./.claude/settings.json, they are not respected when requests are sent. Even though /status reports that additional CAs are set.

If they are set as environment variables (in any shell) before launching claude, they are respected.

What Should Happen?

{
  "env": {
    "ANTHROPIC_AUTH_TOKEN": "<AUTH_TOKEN>",
    "ANTHROPIC_BASE_URL": "<BASE_URL>",
    "NODE_EXTRA_CA_CERTS": "<PATH_TO_CA>",
    "SSL_CERT_FILE": "<PATH_TO_CA>"
  }
}

With the following configuration claude should be able to send requests to the BASE_URL, instead I get Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates.

If NODE_EXTRA_CA_CERTS is set before launching in shell, it works.

Error Messages/Logs

Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates

Steps to Reproduce

  1. Use a settings.json file with a ANTHROPIC_BASE_URL that has a self-signed certificate
  2. Set NODE_EXTRA_CA_CERTS environment variable in settings.json to the correct certificate
  3. Requests will fail with Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates

Claude Model

None

Is this a regression?

I don't know

Last Working Version

No response

Claude Code Version

2.1.29

Platform

Other

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

I reproduced this issue with on both Windows and macOS, with fish shell and powershell.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:corearea:securitybugSomething isn't workinghas reproHas detailed reproduction stepsplatform:macosIssue specifically occurs on macOSplatform:windowsIssue specifically occurs on WindowsstaleIssue is inactive

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions