diff --git a/test/js/node/test/parallel/test-tls-env-extra-ca.js b/test/js/node/test/parallel/test-tls-env-extra-ca.js
new file mode 100644
index 0000000000..2dd1e51190
--- /dev/null
+++ b/test/js/node/test/parallel/test-tls-env-extra-ca.js
@@ -0,0 +1,46 @@
+// Certs in NODE_EXTRA_CA_CERTS are used for TLS peer validation
+
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+
+const { fork } = require('child_process');
+
+if (process.env.CHILD) {
+  const copts = {
+    port: process.env.PORT,
+    checkServerIdentity: common.mustCall(),
+  };
+  const client = tls.connect(copts, common.mustCall(function() {
+    client.end('hi');
+  }));
+  return;
+}
+
+const options = {
+  key: fixtures.readKey('agent1-key.pem'),
+  cert: fixtures.readKey('agent1-cert.pem'),
+};
+
+const server = tls.createServer(options, common.mustCall(function(s) {
+  s.end('bye');
+  server.close();
+})).listen(0, common.mustCall(function() {
+  const env = {
+    ...process.env,
+    CHILD: 'yes',
+    PORT: this.address().port,
+    NODE_EXTRA_CA_CERTS: fixtures.path('keys', 'ca1-cert.pem')
+  };
+
+  fork(__filename, { env, stdio: ["inherit", "inherit", "inherit", "ipc"] }).on('exit', common.mustCall(function(status) {
+    // Client did not succeed in connecting
+    assert.strictEqual(status, 0);
+  }));
+}));