You’re running your test suite on LambdaTest. Everything works locally. Then you see it:

SSL: CERTIFICATE_VERIFY_FAILED

Or maybe:

self signed certificate in certificate chain

Or the cryptic:

Navigation caused the user agent to hit a certificate warning

These errors kill your CI pipeline and waste hours of debugging. The fix depends on which specific error you’re hitting and where it’s coming from. If you’re new to LambdaTest, see our LambdaTest setup guide first.

Here’s every SSL certificate error you’ll encounter on LambdaTest and how to fix each one.

Quick Diagnosis: Which Error Do You Have?

Error Message Cause Jump To
SSL: CERTIFICATE_VERIFY_FAILED Python/pip can’t verify package sources Python Fix
self signed certificate in certificate chain Git/Maven hitting self-signed cert Maven/Git Fix
certificate error while testing locally Local app has invalid/self-signed cert MITM Mode
Navigation caused the user agent to hit a certificate warning Browser blocking untrusted site Selenium Capabilities
unable to load certificate iOS automation certificate issue iOS Fix

Python/pip SSL Errors

The most common error when running Python tests on LambdaTest HyperExecute:

There was a problem confirming the ssl certificate:
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded
(Caused by SSLError(SSLCertVerificationError(1,
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self signed certificate in certificate chain (_ssl.c:1131)')))

This happens when your CI environment can’t verify PyPI’s SSL certificate — usually due to corporate firewalls or proxy servers intercepting HTTPS traffic.

The Fix

Add trusted hosts to your pip install command:

bash 
pip install -r requirements.txt \
  --trusted-host pypi.org \
  --trusted-host pypi.python.org \
  --trusted-host files.pythonhosted.org

For HyperExecute, add this to your hyperexecute.yaml:

yaml 
pre:
  - pip install -r requirements.txt --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org

If trusted hosts don’t work, you can disable verification entirely:

bash 
pip install -r requirements.txt --trusted-host pypi.org --cert=""

Or set the environment variable:

bash 
export PYTHONHTTPSVERIFY=0

Warning: This bypasses SSL security entirely. Only use this in controlled CI environments, never in production. For general LambdaTest issues, see LambdaTest Not Working.

Maven and Git SSL Errors

Maven SSL Errors

When running Java/Maven projects:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

The Fix

Add these flags to your Maven command:

bash 
mvn test \
  -Dmaven.wagon.http.ssl.insecure=true \
  -Dmaven.wagon.http.ssl.allowall=true \
  -Dmaven.wagon.http.ssl.ignore.validity.dates=true

For HyperExecute:

yaml 
pre:
  - mvn install -DskipTests -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

Git SSL Errors

When cloning repositories:

SSL certificate problem: self signed certificate in certificate chain

The Fix

Disable SSL verification for Git:

bash 
git config --global http.sslVerify false

Or for a single command:

bash 
GIT_SSL_NO_VERIFY=true git clone https://your-repo.git

Note: Only disable SSL verification for internal/enterprise Git servers with self-signed certificates. Never disable it for public repositories. See LambdaTest Slow? HyperExecute Limits for performance optimization.

Local Testing with MITM Mode

Testing a locally hosted application that doesn’t have a valid SSL certificate? You’ll see:

certificate error while testing on LambdaTest for locally hosted URLs

Or the browser will show “This connection is not secure” and block your test.

The Fix: Enable MITM Mode

LambdaTest Tunnel’s MITM (Man-in-the-middle) mode intercepts SSL traffic and handles certificate validation for you.

bash 
LT --user [email protected] \
   --key YOUR_ACCESS_KEY \
   --tunnelName MyTunnel \
   --mitm

This allows you to test:

  • Localhost applications without SSL
  • Staging environments with self-signed certificates
  • Internal applications with expired certificates

For more tunnel issues, see BrowserStack Local Keeps Dropping — the same principles apply.

YAML Configuration

You can also configure MITM in a .lt.yaml file:

yaml 
user: [email protected]
key: YOUR_ACCESS_KEY
tunnelName: MyTunnel
mitm: true

Then just run:

bash 
LT

The tunnel will automatically pick up the configuration.

Handling SSL in Selenium

When your application under test has an untrusted certificate, the browser blocks it. According to the Selenium documentation, different browsers show different errors:

  • Chrome: “Your connection is not private”
  • Firefox: “Warning: Potential Security Risk Ahead”
  • Edge: “Your connection isn’t private”

The Fix: Browser Capabilities

Tell Selenium to accept insecure certificates:

Chrome:

java 
ChromeOptions options = new ChromeOptions();
options.setAcceptInsecureCerts(true);

// Or using capabilities
DesiredCapabilities caps = new DesiredCapabilities();
caps.setCapability("acceptInsecureCerts", true);

Firefox:

java 
FirefoxOptions options = new FirefoxOptions();
options.setAcceptInsecureCerts(true);

Edge:

java 
EdgeOptions options = new EdgeOptions();
options.setAcceptInsecureCerts(true);

LambdaTest Capabilities

Add to your LambdaTest capabilities:

json 
{
  "browserName": "Chrome",
  "browserVersion": "latest",
  "LT:Options": {
    "acceptInsecureCerts": true,
    "tunnel": true,
    "tunnelName": "MyTunnel"
  }
}

iOS Certificate Errors

Running iOS automation and seeing:

An unknown server-side error occurred while processing the command.
Original error: unable to load certificate

This typically happens when:

  1. The certificate file path is incorrect
  2. The certificate format is wrong (should be .pem or .p12)
  3. The certificate is corrupted

The Fix

For Appium iOS testing, ensure your certificate is properly formatted:

java 
DesiredCapabilities caps = new DesiredCapabilities();
caps.setCapability("app", "YOUR_APP_URL");
caps.setCapability("autoAcceptAlerts", true);
// Don't set custom certificate paths unless absolutely necessary

If you must use a custom certificate:

java 
caps.setCapability("customSSLCert", "/path/to/certificate.pem");

Pro tip: Most iOS certificate errors are actually caused by the app itself, not the test infrastructure. Check if your app’s API endpoints have valid certificates.

Debugging SSL Issues

When none of the above fixes work, you need to dig deeper.

Check Tunnel Logs

Run LambdaTest Tunnel with verbose logging:

bash 
LT --user [email protected] \
   --key YOUR_ACCESS_KEY \
   --tunnelName MyTunnel \
   --logFile tunnel.log \
   --verbose

Look for lines containing:

  • SSL
  • certificate
  • TLS
  • handshake

Test the Connection Manually

Before running tests, verify the tunnel can reach your application:

bash 
curl -v -x localhost:8080 https://your-local-app.test

If curl fails with SSL errors, the tunnel will too.

Check Corporate Firewall

Many SSL issues come from corporate firewalls doing TLS inspection. Signs this is happening:

  • Works on your laptop, fails in CI
  • Works on home network, fails in office
  • Certificate errors mention your company’s name

Talk to your IT team about whitelisting LambdaTest domains:

  • *.lambdatest.com
  • hub.lambdatest.com
  • api.lambdatest.com

The Nuclear Option: Skip SSL Entirely

If you’ve tried everything and SSL is still breaking your tests, you have one last option: run your local app without SSL.

bash 
# Instead of https://localhost:8443
# Use http://localhost:8080

Then configure your test to use HTTP:

java 
driver.get("http://localhost:8080");

This isn’t ideal for testing SSL-specific functionality, but it unblocks your functional tests.

FAQ

Why does SSL work locally but fail on LambdaTest?

Your local machine trusts certificates that LambdaTest’s infrastructure doesn’t. This includes:

  • Corporate CA certificates
  • Self-signed development certificates
  • Certificates installed in your system keychain

LambdaTest VMs start fresh and only trust standard CA certificates.

Can I upload my own CA certificate to LambdaTest?

Not directly. Use MITM mode instead — it handles certificate interception without requiring custom CA installation.

Do I need MITM mode for production URLs?

No. MITM mode is only for local/staging environments with invalid certificates. Production sites with valid SSL certificates work without any special configuration.

Will accepting insecure certificates affect my test results?

For functional testing, no. The browser will behave the same way once it accepts the certificate. However, you won’t be testing the actual SSL handshake — if that’s important, you need valid certificates.

Still Fighting SSL Errors?

Cloud testing infrastructure means debugging certificate chains you don’t control, tunnel configurations that add latency, and corporate firewalls that break everything.

There’s a simpler approach: run tests on devices you own. No tunnels. No certificate proxying. No corporate firewall interference.

DeviceLab connects your existing devices into a distributed test lab. Your tests run directly on your hardware, on your network. SSL just works because there’s nothing in between.

Check out LambdaTest alternatives if you’re considering a switch.