How to use self signed certificates in Postman?

Question

I am using Postman to test my API. I am using self-signed certificates to use HTTPS in my application.

After I turn on the HTTPS setup, the postman app shows this error

it shows

Error: self signed certificate

The API calls works perfectly when I turn off the SSL certificate verification in the postman setting. I tried to install certificate/keys in postman app but it didn't work.

I want to use the certificate/keys in postman so that I can hit the APIs using SSL. Is there any way to do that?

Answer 1

Generate RootCA.pem, RootCA.key & RootCA.crt:

openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=BR/CN=Example-Root-CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

customize waht you want...(C=?,CN=? etc)

Domain name certificate

Add your domain myapp.local that is hosted on your local machine for development (using the hosts file to point them to 127.0.0.1).

127.0.0.1   myapp.local

First, create a file domains.ext that lists all your local domains:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = myapp.local

Generate localhost.key, localhost.csr, and localhost.crt:

openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=BR/ST=BAHIA/L=SSA/O=Example-Certificates/CN=localhost.local"
openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
openssl pkcs12 -export -inkey localhost.key -in localhost.crt -out localhost.p12

customize waht you want...(C=?,CN=? etc)

For p12 uses 'password'. This was my keystore on springboot app for example:

Confguring a Keystore (used PKCS12 format, maybe a JKS format also acceptable)...

https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-configure-ssl

cp localhost.p12 myapp/src/main/resources/keystore/localhost.p12

edit application.properties

# secure server port
server.port=8443
# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/localhost.p12
# The password used to generate the certificate
server.ssl.key-store-password=password
# Enable ssl
server.ssl.enabled=true

Trust the local CA

At this point, the site would load with a warning about self-signed certificates. In order to get a green lock, your new local CA has to be added to the trusted Root Certificate Authorities.

In Postman go to:

• Settings -> Enable SSL certificate verification: ON.
• Settings -> Certifcates -> CA Certificates: add the PEM RootCA.pem

In a curl command line:

curl --cacert RootCA.crt -v https://myapp.local:8449/endpoint