Disabled SSL verification in n8n
Why disabling SSL verification exposes your workflow to man-in-the-middle attacks
What is this issue?
Disabled SSL verification means the HTTP Request node is configured to ignore certificate validation. This allows connections to endpoints with invalid, expired, or self-signed certificates—but also makes your workflow vulnerable to interception.
Common causes:
• Testing with self-signed certificates
• Connecting to internal servers without proper CA
• Quick fix for certificate errors during development
• Forgotten setting left in production
Why is this dangerous?
Man-in-the-middle attacks
Attackers can intercept and modify traffic between n8n and the target server without detection.
Credential theft
API keys, tokens, and passwords sent over the connection can be captured by attackers.
Data tampering
Response data can be modified in transit, causing your workflow to process malicious data.
Compliance violations
Most security standards (PCI-DSS, HIPAA, SOC2) require proper TLS verification.
How to fix it
1. Enable SSL verification
In the HTTP Request node options, ensure 'Ignore SSL Issues' is set to false (the default).
2. Fix certificate issues properly
If the target server has certificate issues, fix them at the source rather than disabling verification.
3. Add CA certificates
For internal CAs, set the NODE_EXTRA_CA_CERTS environment variable in n8n to trust your organization's certificates.
4. Use proper certificates
For development, use tools like mkcert to create locally-trusted certificates instead of disabling SSL.
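To check step 1 across an exported workflow instead of opening each node, the following added example (not code from n8n or from this page) lists every HTTP Request node that has 'Ignore SSL Issues' switched on. It assumes the toggle is saved in the workflow JSON as `allowUnauthorizedCerts`, either under `parameters.options` or directly under `parameters`; the sample workflow and its URLs are constructed.

```javascript
// Assumption: the 'Ignore SSL Issues' toggle is saved as `allowUnauthorizedCerts`,
// under parameters.options (current node versions) or directly under parameters (older ones).
const HTTP_REQUEST_TYPE = 'n8n-nodes-base.httpRequest';

// Classify a stored value: literal true, or an expression ("=...") only resolved at run time.
function classify(value) {
  if (value === true) return 'enabled';
  if (typeof value === 'string' && value.startsWith('=')) return 'expression';
  return null;
}

// Return one finding per HTTP Request node whose TLS verification is (or may be) off.
function findDisabledTlsVerification(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    if (node.type !== HTTP_REQUEST_TYPE) continue;
    const params = node.parameters ?? {};
    const state = classify(params.options?.allowUnauthorizedCerts)
      ?? classify(params.allowUnauthorizedCerts);
    if (state === null) continue;
    findings.push({
      node: node.name,
      url: params.url ?? null,
      state,                                 // 'enabled' or 'expression' (review by hand)
      nodeDisabled: node.disabled === true,  // node switched off in the editor, still worth fixing
    });
  }
  return findings;
}

// Constructed sample workflow export (not from a real instance).
const sampleWorkflow = {
  name: 'constructed sample',
  nodes: [
    { name: 'Fetch invoices', type: HTTP_REQUEST_TYPE, typeVersion: 4.2,
      parameters: { url: 'https://billing.internal.example/api', options: { allowUnauthorizedCerts: true } } },
    { name: 'Legacy call', type: HTTP_REQUEST_TYPE, typeVersion: 1,
      parameters: { url: 'https://legacy.internal.example/v1', allowUnauthorizedCerts: true } },
    { name: 'Public API', type: HTTP_REQUEST_TYPE, typeVersion: 4.2,
      parameters: { url: 'https://api.example.com/items', options: { allowUnauthorizedCerts: false } } },
    { name: 'Set fields', type: 'n8n-nodes-base.set', typeVersion: 3, parameters: {} },
  ],
};

for (const f of findDisabledTlsVerification(sampleWorkflow)) {
  console.log(`[TLS verification off] ${f.node} -> ${f.url} (${f.state})`);
}
```

A finding with state `expression` means the value is computed when the workflow runs, so the node needs a manual look.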