Q22 of 40 · Karate
How does Karate handle SSL/TLS issues for testing?
Short answer
Short answer: Add configure ssl = true in karate-config.js to skip SSL certificate validation for self-signed certs. For mutual TLS, use configure ssl = { keyStore: 'classpath:certs/client.p12', keyStorePassword: 'pass', keyStoreType: 'PKCS12' }. Restrict ssl=true to non-production environments — it silently accepts any certificate.
Detail
Karate wraps Apache HttpClient and exposes its SSL configuration via karate.configure:
Disable certificate validation (self-signed certs in dev/test):
// In karate-config.js
karate.configure('ssl', true);
Or per-feature:
* configure ssl = true
Trust a specific CA (better than disabling validation):
karate.configure('ssl', {
trustStore: 'classpath:certs/test-ca.jks',
trustStorePassword: 'changeit',
trustStoreType: 'JKS'
});
Mutual TLS (client certificate + server CA):
karate.configure('ssl', {
keyStore: 'classpath:certs/client.p12',
keyStorePassword: 'clientpass',
keyStoreType: 'PKCS12',
trustStore: 'classpath:certs/server-ca.jks',
trustStorePassword: 'changeit'
});
Environment guard: configure ssl=true only for non-prod environments inside the karate-config.js env check. Production and staging should have valid certs — ssl=true against staging masks cert expiry issues before they hit prod.
// EXAMPLE
karate-config.js (SSL section)
function fn() {
var env = karate.env || 'dev';
var config = { baseUrl: 'http://localhost:8080' };
if (env === 'dev') {
config.baseUrl = 'https://localhost:8443';
// Self-signed cert in local dev — disable validation
karate.configure('ssl', true);
}
if (env === 'staging') {
config.baseUrl = 'https://staging.api.example.com';
// Staging uses a valid cert from a private CA — trust it specifically
karate.configure('ssl', {
trustStore: 'classpath:certs/staging-ca.jks',
trustStorePassword: 'changeit'
});
}
if (env === 'prod') {
config.baseUrl = 'https://api.example.com';
// Production has a valid public cert — no SSL config needed
}
return config;
}