Prafull Dhadkar

Reputation: 941

How to use self signed certificates in Postman?

I am using Postman to test my API. I am using self-signed certificates to use HTTPS in my application.

After I turn on the HTTPS setup, the Postman app shows this error:

Error: self signed certificate

The API calls work perfectly when I turn off SSL certificate verification in the Postman settings. I tried to install the certificate/keys in the Postman app, but it didn't work.


I want to use the certificate/keys in Postman so that I can hit the APIs using SSL. Is there any way to do that?

Upvotes: 8

Views: 20792

Answers (1)

João Santana

Reputation: 145

Generate RootCA.pem, RootCA.key & RootCA.crt:

openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=BR/CN=Example-Root-CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

Customize what you want... (C=?, CN=?, etc.)

Domain name certificate

Add your domain myapp.local that is hosted on your local machine for development (using the hosts file to point them to 127.0.0.1).

127.0.0.1   myapp.local

First, create a file domains.ext that lists all your local domains:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = myapp.local

Generate localhost.key, localhost.csr, and localhost.crt:

openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=BR/ST=BAHIA/L=SSA/O=Example-Certificates/CN=localhost.local"
openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
openssl pkcs12 -export -inkey localhost.key -in localhost.crt -out localhost.p12

Customize what you want... (C=?, CN=?, etc.)

For the p12, use 'password'. This was my keystore in a Spring Boot app, for example:

Configuring a keystore (I used the PKCS12 format; maybe a JKS format is also acceptable)...

https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-configure-ssl

cp localhost.p12 myapp/src/main/resources/keystore/localhost.p12

Edit application.properties:

# secure server port
server.port=8443
# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/localhost.p12
# The password used to generate the certificate
server.ssl.key-store-password=password
# Enable ssl
server.ssl.enabled=true

Trust the local CA

At this point, the site would load with a warning about self-signed certificates. In order to get a green lock, your new local CA has to be added to the trusted Root Certificate Authorities.

In Postman go to:

  • Settings -> Enable SSL certificate verification: ON.
  • Settings -> Certificates -> CA Certificates: add the PEM RootCA.pem

In a curl command line:

curl --cacert RootCA.crt -v https://myapp.local:8443/endpoint

Upvotes: 3
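
A pre-flight check for the files produced by the answer above, added here as an example and not part of the original answer: it confirms that a leaf certificate chains to the CA a client trusts and covers the hostname, which is what Postman and curl check once verification is ON. The helper names (check_leaf, san_list, make_demo_pki), the second CA "Other" and the SAN-less leaf nosan.crt are assumptions constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the answer). check_leaf, san_list and make_demo_pki
# are hypothetical helper names; RootCA.pem, localhost.crt follow the answer.

# check_leaf CA_FILE LEAF_FILE HOSTNAME
# Exit 0 only if LEAF_FILE chains to CA_FILE and is valid for HOSTNAME.
check_leaf() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# san_list LEAF_FILE: print the subjectAltName entries with spaces removed.
san_list() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# make_demo_pki DIR: constructed throwaway CAs and leaves (2-day lifetime).
make_demo_pki() (
    set -e
    cd "$1"
    # Trimmed copy of the answer's domains.ext
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'subjectAltName=@alt_names' '[alt_names]' \
        'DNS.1=localhost' 'DNS.2=myapp.local' > domains.ext
    for ca in RootCA Other; do   # Other: an unrelated CA, to show a trust mismatch
        openssl req -x509 -nodes -new -sha256 -days 2 -newkey rsa:2048 \
            -keyout "$ca.key" -out "$ca.pem" -subj "/C=BR/CN=Example-$ca"
    done
    openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key \
        -out localhost.csr -subj "/C=BR/CN=localhost.local"
    # Signed as in the answer, with the SAN extension file
    openssl x509 -req -sha256 -days 2 -in localhost.csr -CA RootCA.pem \
        -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
    # Same CSR signed without -extfile: the result carries no SAN
    openssl x509 -req -sha256 -days 2 -in localhost.csr -CA RootCA.pem \
        -CAkey RootCA.key -CAcreateserial -out nosan.crt
) >/dev/null 2>&1

# Run with --demo to print the outcome of each combination.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_demo_pki "$d"
    echo "SAN: $(san_list "$d/localhost.crt")"
    for t in "RootCA.pem localhost.crt" "RootCA.pem nosan.crt" "Other.pem localhost.crt"; do
        set -- $t
        check_leaf "$d/$1" "$d/$2" myapp.local && r=accepted || r=rejected
        echo "CA=$1 leaf=$2 host=myapp.local -> $r"
    done
fi
```

Against real files, `check_leaf RootCA.pem localhost.crt myapp.local` should succeed before RootCA.pem is added under Postman's CA Certificates; a failure points to a leaf signed without domains.ext or to a different CA file.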
