---
title: "Check Certificate Validation Nodejs-env-var"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/check-certificate-validation-nodejs-env-var/
---


### Description

`NODE_TLS_REJECT_UNAUTHORIZED` is an environment variable used in Node.js to control TLS certificate verification behavior. This policy checks whether this environment variable is set to 0. By default, it is set to 1, which enables certificate verification.

### Kyverno policy

Refer to the Nirmata curated policies - [check-certificate-validation-nodejs-env-var](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/check-certificate-validation-nodejs-env-var/check-certificate-validation-nodejs-env-var.yaml).

### Resource example

Below is an example of a Dockerfile enforcing this policy.

```bash
FROM alpine:latest

ENV NODE_TLS_REJECT_UNAUTHORIZED=1

CMD ["sh", "-c", "echo 'Hello, World!'"]
```text