Postman ssl error unable to verify the first certificate

Comments

$ dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. If the certificate is not already trusted we will run the following command:
'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <<certificate>>'
This command might prompt you for your password to install the certificate on the system keychain.

cat domain.my.crt bundle.crt > domain.my.chained.crt

public void ConfigureServices(IServiceCollection services)
      {
          services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

          services.AddControllers();
          services.AddDbContext<AppDbContext>(options => {
              options.UseInMemoryDatabase("APIBlogs-in-memory");
          });
          services.AddScoped<IUserRepository, UserRepository>();
          services.AddScoped<IUserService, UserService>();
      }

      // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
      public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
      {
          if (env.IsDevelopment())
          {
              app.UseDeveloperExceptionPage();
          }

          app.UseHttpsRedirection();
          app.UseRouting();

          app.UseAuthorization();

          app.UseEndpoints(endpoints =>
          {
              endpoints.MapControllers();
          });
      }

Error: unable to verify the first certificate — only in the Runner #7968

Describe the bug
When running the Runner in our testing environment, in the Postman console, I get:

Error: unable to verify the first certificate
Warning: This request did not get sent completely and might not have all the required system headers

And the Runner stops. This is the first route in that collection.

To Reproduce
Steps to reproduce the behavior:

1. Go to the Postman Runner.
2. Set the environment to the test server.
3. Run the collection.

Expected behavior
That the runner should function just as individual routes do instead of crashing.
My colleagues accessing the same test server are not experiencing this problem. We compared our settings, and they seem to all be the same.

Screenshots

App information (please complete the following information):

• App Type: Windows app
• Postman Version 7.16.1
• OS: Windows 10

Additional context
SSL certificate verification is turned off.
I am able to run the Runner on my localhost, just not on our test server. I used to be able to do this until recently when we had to install 7.16.1 on my computer. I can run a route individually against the test server, and it’s fine. But when the Runner hits that exact same route, it crashes. as shown in the screenshots.

We also tried Postman Canary, and I had the same problem there.

The text was updated successfully, but these errors were encountered:

Источник

Postman error: unable to verify the first certificate

When requesting the new token for OAuth2 in postman there’s an error showing in the console log as below

Exit fullscreen mode

To fix the error, just turn off the highlight option

For further actions, you may consider blocking this person and/or reporting abuse

Timeless DEV post.

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It’s not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I’m talking about Git and version control of course.

Read next

proto and prototype chaining

Surendrababuvunnam — Jan 14

«Why refactoring your code is crucial for maintaining a healthy codebase»

Configuring an SSH Connection Using a Key

Max Zhuk — Jan 14

Integrating JavaScript with OpenAI: A Beginner’s Guide

Kane Hooper — Jan 14

More from Tanatip Siriprathum

Once suspended, tanatip will not be able to comment or publish posts until their suspension is removed.

Once unsuspended, tanatip will be able to comment and publish posts again.

Once unpublished, all posts by tanatip will become hidden and only accessible to themselves.

If tanatip is not suspended, they can still re-publish their posts from their dashboard.

Once unpublished, this post will become invisible to the public and only accessible to Tanatip Siriprathum.

They can still re-publish the post if they are not suspended.

Thanks for keeping DEV Community 👩‍💻👨‍💻 safe. Here is what you can do to flag tanatip:

tanatip consistently posts content that violates DEV Community 👩‍💻👨‍💻’s code of conduct because it is harassing, offensive or spammy.

Unflagging tanatip will restore default visibility to their posts.

DEV Community 👩‍💻👨‍💻 — A constructive and inclusive social network for software developers. With you every step of your journey.

Built on Forem — the open source software that powers DEV and other inclusive communities.

Made with love and Ruby on Rails. DEV Community 👩‍💻👨‍💻 © 2016 — 2023.

We’re a place where coders share, stay up-to-date and grow their careers.

Источник

SSL certification verification turned to off no longer works #5879

This seems to be a duplicate of this existing issue: #5819

You can delete this duplicate please.

Describe the bug
When trying to Get New Access Tokens from our internal enterprise developer gateway (https endpoint), it throws an error with the following stack trace:

To Reproduce
Steps to reproduce the behavior:

1. Go to postman preferences
2. Turn SSL Certificate Verification to «OFF»
3. Go to a new request
4. click on authorization tab
5. Click on Get New Access Token
6. Enter in an access token URL with «https» prefix
7. Click Request Token
8. See error

Expected behavior
Since we have SSL certificate verification turned to off, the expected behavior is for the SSL cert to be ignored

Screenshots

App information (please complete the following information):

• Native App
• Postman Version 6.7.3
• OS: macOS High Sierra 10.13.6

Additional context
Add any other context about the problem here.

The text was updated successfully, but these errors were encountered:

Источник

Improve SSL verification experience for localhost and self-signed certificates #4726

I recently had to do a clean install of my OS (new machine build).
I have reported this bug in the past and it still hasn’t been resolved but for some reason you guys keep closing the ticket as resolved.

So here we go again .

My environment setup

1. Clean install of windows 10.
2. Apply all updates to the OS.
3. Clean install of VS 2017 (download ISO as part of this from visualstudio.com).
4. Clean install of postman.

Producing the problem

1. Open VS, 2017.
2. load project from source control.
3. Press F5 to build and run the project, a browser window opens with my API root URL
4. Open postman
5. Copy URL from browser window to postman
6. Hit send .

Outcome
In browser: Json repsonse from server
In postman: Could not get any repsonse

What must I do to get this scenario to work?
Last time I spent about half an hour messing about «forcefully having to install certs» and rebooting the machine.

EVERY other piece of software I have «just works», but postman requires this constant battle and this is only a problem for localhost https calls on a VS dev server.

More detail on postmans issue
If I open up the postman console and re issue the request it says in the console

Error: SSL Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE

then my request headers are listed.

Note:
If i disable the option «SSL Certificate Verification» in the options it works.
Is a self signed localhost cert not a valid SSL cert . surely as long as it allows postman to establish a connection and a basic understanding of a trust relationship it should accept the self signed cert by default?

The text was updated successfully, but these errors were encountered:

Could there at least be a page like chrome with the option to override security warning and let this request go through?

actually i would just rather that a self signed localhost cert be allowed . this is after all a testing tool so you’d expect developers to use it on their localhost instances.

Instead this basicall says that by default every dev on their local machine has installed and uses (when hitting F5 from VS) a fully properly issued SSL cert . which is madness.

Postman has always been honoring the SSL certificate validity. However, we’ve been showing ways to help debug this cases through instructions on the error page.

I do understand that for most of the cases where development happens locally this might not be ideal. We could make this experience better.

I’m marking this as a feature request for enhancing the experience working with untrusted servers.

If someone is working on Postman’s SSL verification section, it would also be useful to look at this feature request about custom root CAs: #3290

Strange, I am not experiencing the same issue when I am testing locally from postman and https://localhost:SOMEPORT from visual studio. Are you sure that you have everything configured properly? Maybe the difference is that I run Visual Studio as administrator and have «localhost» cert in «Trusted Root Certification Authorities» user store and «Personal» machine store (where I believe VS added it)? I only hit mentioned issue «UNABLE_TO_VERIFY_LEAF_SIGNATURE» when I use https://localhost with addition of client certificate as described in #4627 and its comments.

@EasyMilos as stated . I have a clean install of windows, and a clean install of postman.
Postman will ONLY work with localhost servers that self sign if you change the setting «SSL Certificate Verification» which you must have obviously done already.

My point was simply given the job of Postman is to be a testing / dev tool to help build and test API’s this is a scenario that should be detected by postman and automatically trusted or is there a good reason to not consider VS based projects a «typical default usage scenario» for postman?

I do however see the need for postman to encourage good standards but this is the type of standards enforcement that just gets in peoples way for no gain.

Postman 6.1.4
macOS High Sierra 10.13.5 (17F77)

Self-signed Certificate for «localhost» utilizing the Subject Alternative Name extension:

I have installed the .crt into Keychain Access and set all of the Trust items to Always Trust . Viewing any of my configured domains shows the certificate as trusted by the Chrome browser.

In Postman I went to Settings > Certificates and I added my .crt and .key as a Client Certificate for my api.localhost domain. Under Settings > General I do also have the SSL certificate verification turned on and would prefer to leave it enabled to verify non-local API endpoint certificates.

Despite which domain I use ( localhost , website.localhost , or api.localhost ), I continually get the error that Postman Could not get any response .

For the sake of argument, «turning off SSL certificate validation is not really fixing the problem — it should be labeled as a temporary work-around until a more permanent solution can be implemented on Postman’s end. Since this «fix» globally disables all SSL verification, the console should show a warning for each SSL endpoint reminding developers that their SSL verification has been disabled.

I would also like to ask about the point of the Client Certificates portion of the settings if it does not honor the configured certificates? After reading the documentation for Certificates, the first thing it says is, «Postman’s native apps provide a way to view and set SSL certificates on a per domain basis.» This had led me to believe adding my .crt and .key would have fixed the Error: SSL Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE error.

Thank you for your time, and please let me know if there is any further information I may provide to help speed this development along! 🙂

Источник

How to Troubleshoot SSL Certificate & Server Connection Issues

2020 Update: If you want to dig deeper into SSL certificates, check out this post about Postman product updates.

Looking for help with the error, “self-signed SSL certificates are being blocked,” or a related error? Well, you’ve come to the right place.

Perhaps you’re using Postman and have encountered the “Could not get any response” error pictured below:

Let’s get you back on track with a few ways that you can troubleshoot this unexpected behavior in Postman.

Benefits of the Postman Console

The Postman Console works the same way as a web browser’s developer console. If your APIs or API tests are not behaving as you would expect, this is the place to go to deep dive while debugging the same. Since Postman Console logs all of your API activities, you are able to get more detailed information about what’s going on under the hood. This should be your first step in identifying the SSL certificate issue you’re seeing while you’re trying to debug.

Here’s all of the information that the Postman Console logs:

• The actual request that was sent, including all underlying request headers and variable values, etc.
• The exact response sent by the server before it is processed by Postman
• The proxy configuration and certificates used for the request
• Error logs from tests or pre-request scripts
• The console.log() from inside scripts

Common Server Connection Issues and How to Resolve Them

If Postman is unable to connect to your server, you will probably get the message “could not get a response.” To check if you’re having connectivity issues, try opening your server address in a web browser. If you’re able to open it in your browser then potential issues could include:

Firewall Issues

Some firewalls are configured to block non-browser connections. If this happens, you will need to contact your network administrators for Postman to work.

Proxy Configuration

If you’re using a proxy server to make requests, ensure that it’s configured correctly. Postman will use the system proxy by default – custom proxy info can also be added if it’s needed for specific requests or domains. You can see more information about the proxy server using the Postman Console.

SSL Certificate Issues

If you’re using HTTPS connections, you can turn off SSL verification under Postman settings. If that doesn’t resolve the issue, your server may be using a client-side SSL connection which you can configure under Postman Settings. Check the Postman Console to ensure that the correct SSL certificate is being sent to the server.

Client Certificate Issues

The purpose of a client certificate is to allow users to assert their identity to a server thus serving as a layer of security. Since passwords can easily be compromised, client certificates authenticate users based on the system they use. As such, the server might require client certificates. If users attempt to access a server without permissions, they would be denied access. You can resolve this by adding a client certificate under Postman Settings.

Incorrect Request URLs

You can send requests in Postman to connect to APIs you are working with. Using variables allows you to store and reuse values in your requests and scripts, increasing your ability to work efficiently and minimize the likelihood of error. Environment variables are frequently used across multiple server environments such as development, staging, and production. In contrast to global variables which are commonly used to capture brief states. However, If your request includes variables or path parameters then make sure that they’re defined in your environment or globals. Unresolved request variables can result in invalid server addresses.

Incorrect Protocol

The first part of the URL requires a protocol which can be http or its secured version, https. A protocol is important because it determines how data is transferred between the host and the web browser. Since URL requires one of the two protocol options, make sure that you’re not accidentally using https:// instead of http:// (or vice versa) in your URL.

Invalid Postman Behavior

It’s possible that Postman could be making invalid requests to your server. Check your server logs (if available) to confirm if this is the case.

Very Short Timeouts

If you configure a very short timeout in Postman, the request may timeout before completion. To resolve this, you will need to go into your Postman settings and set how long the app should wait for a response before saying that the server isn’t responding. A value of 0 indicates infinity which, means Postman will wait for a response forever.

Invalid Responses

If your server sends incorrect response encoding errors or invalid headers, Postman won’t be able to interpret the response.

Getting Help

If you are still running into issues and unable to resolve them, you can either file or search for an existing issue on our GitHub issue tracker. If you need to include confidential data then you can file a ticket with Postman support and help you troubleshoot.

Источник