diff --git a/packages/agent/src/actor.test.ts b/packages/agent/src/actor.test.ts
index 972ffb217..753037eab 100644
--- a/packages/agent/src/actor.test.ts
+++ b/packages/agent/src/actor.test.ts
@@ -270,7 +270,11 @@ describe('makeActor', () => {
         // todo: add method to test update call after Certificate changes have been adjusted
       });
     };
-    const httpAgent = new HttpAgent({ fetch: mockFetch, host: 'http://127.0.0.1' });
+    const httpAgent = new HttpAgent({
+      fetch: mockFetch,
+      host: 'http://127.0.0.1',
+      verifyQuerySignatures: false,
+    });
     const canisterId = Principal.fromText('2chl6-4hpzw-vqaaa-aaaaa-c');
     const actor = Actor.createActor(actorInterface, { canisterId, agent: httpAgent });
     const actorWithHttpDetails = Actor.createActorWithHttpDetails(actorInterface, {
diff --git a/packages/agent/src/agent/http/http.test.ts b/packages/agent/src/agent/http/http.test.ts
index bfdec18ea..0af2b0695 100644
--- a/packages/agent/src/agent/http/http.test.ts
+++ b/packages/agent/src/agent/http/http.test.ts
@@ -136,6 +136,7 @@ test('queries with the same content should have the same signature', async () =>
   const httpAgent = new HttpAgent({
     fetch: mockFetch,
     host: 'http://127.0.0.1',
+    verifyQuerySignatures: false,
   });
 
   const methodName = 'greet';
@@ -702,6 +703,7 @@ test('should fetch with given call options and fetch options', async () => {
         __nativeResponseType: 'base64',
       },
     },
+    verifyQuerySignatures: false,
   });
 
   await httpAgent.call(canisterId, {
diff --git a/packages/agent/src/agent/http/index.ts b/packages/agent/src/agent/http/index.ts
index fde205677..b8b9e043c 100644
--- a/packages/agent/src/agent/http/index.ts
+++ b/packages/agent/src/agent/http/index.ts
@@ -542,10 +542,15 @@ export class HttpAgent implements Agent {
     queryResponse: ApiQueryResponse,
     subnetStatus: SubnetStatus | void,
   ): ApiQueryResponse => {
-    if (!subnetStatus || this.#verifyQuerySignatures === false) {
+    if (this.#verifyQuerySignatures === false) {
       // This should not be called if the user has disabled verification
       return queryResponse;
     }
+    if (!subnetStatus) {
+      throw new CertificateVerificationError(
+        'Invalid signature from replica signed query: no matching node key found.',
+      );
+    }
     const { status, signatures, requestId } = queryResponse;
 
     const domainSeparator = new TextEncoder().encode('\x0Bic-response');
diff --git a/packages/agent/src/fetch_candid.test.ts b/packages/agent/src/fetch_candid.test.ts
index b2df5c1e9..a0898d5f0 100644
--- a/packages/agent/src/fetch_candid.test.ts
+++ b/packages/agent/src/fetch_candid.test.ts
@@ -19,7 +19,11 @@ test('simulate fetching a Candid interface', async () => {
     );
   });
 
-  const agent = new HttpAgent({ fetch: mockFetch, host: 'http://127.0.0.1' });
+  const agent = new HttpAgent({
+    fetch: mockFetch,
+    host: 'http://127.0.0.1',
+    verifyQuerySignatures: false,
+  });
 
   const candid = await fetchCandid('ryjl3-tyaaa-aaaaa-aaaba-cai', agent);