Ssl error certificate has expired postman

Why do I get a SSL Expired error for certificates that are still valid?

I have a server that hosts a Java backend which has a JavaKeyStore (JKS) that stores a certificate from Lets Encrypt.

The certificate chain looks as follows:

— ISRG Root X1 (valid until 30/09/2024, 20:14:03 CEST)
— R3 (valid until 15/09/2025, 18:00:00 CEST)
— api.verumsoftware.com (valid until 31/10/2021, 23:10:36 CET)

When I make a request in Postman I get the following error:

SSL Error: Certificate has expired

I find this odd since each certificate in the chain should still be valid. Does anybody know what could cause this? When I look up the server on various sites that check whether certificates are correctly installed, they all say it’s perfectly fine.

3 Answers 3

This is a LetsEncrypt issue that occurred on Sep 30 2021. You probably need to patch the OS to remove the offending certificate.

Or use a non-LetsEncrypt SSL Cert.

Apparently this was an issue with Postman, details can be found here: https://github.com/postmanlabs/postman-app-support/issues/10338

Updating Postman to version 9.0.5 fixed the issue for me!

There is a very simple fix: install this «new» R3 certificate on the CLIENT — So, on your iPhone (or other iOS device), PC/Mac, browser ect (tested only of Apple, but should work for Android,ect)

1. GoTO https://letsencrypt.org/certificates/
2. find the bullet Let’s Encrypt R3 (below active)
3. Click on the link called pem (or one of the other types; try a bit for your device)
4. It will download the cert and/or offer to install it

• Use ‘Setting’
• A new entry is shown, about the cert
• follow it, accept it
• Done
• The file is downloaded
• Open: KeyChain acces
• File-> Import
• Select the file; eg:

/Downloads/let-encript-r3.pem

• follow, etc
• optionally: select/config SSL: always trust
• Done

In general, there is NO need to install/update software, just one file 🙂

Источник

Postman Reports Certificate Expired for Sectigo Chains #8589

Describe the bug
Certificates signed by Sectigo and trusted through USERTrust are reporting the error «Error: certificate has expired». This is related to https://www.namecheap.com/blog/sectigo-ssl-certificate-root-expiration-issue

In this case the operating system and browser select the correct chain but Postman appears to have its own chain validation and incorrectly fails on the first chain that expires.

To Reproduce
Steps to reproduce the behavior:

1. Go to HTTPS URL signed by Sectigo / USERTrust Chain — I can provide a URL for testing but did not want it public
2. Simply make a GET request
3. See error

Expected behavior
Trust Sectigo Chains Signed by USERTrust without having to bypass certificate verification.

Screenshots

App information (please complete the following information):

• Postman MacOS and Windows
• Postman Versions 7.25.1 & 7.25.2 (only ones tested)
• OS: [e.g. MacOS 10.15.5, Windows 10]

Additional context
Very simple, just make an HTTPS call to any HTTPS site protected by Sectigo/USERTrust

The text was updated successfully, but these errors were encountered:

Источник

In postman pro Monitoring is failing #3128

12 17:02:49 Error: certificate has expired
13 17:02:49 JSONError: Unexpected token u in JSON at position 0
14 17:02:49 JSONError: Unexpected token u in JSON at position 0

24 17:02:50 Postman Monitoring finished
8. Screenshots (if applicable)

1. Create a postman collection

1. add a monitor
2. When the run happens, check the results.

The text was updated successfully, but these errors were encountered:

@malyalal Thanks for reporting. We are looking into this.

Hi @malyalal
It looks like there are a few errors in your monitor. Here are explanations of each.

Notice that most of the URL is missing. I assume this is because you’re using a variable to fill-in parts of the URL (e.g. https://<> ) and the variable is either missing or empty. Please ensure that you’ve attached an environment to your monitor and that the environment contains the necessary variable(s).

This is an SSL error . I assume this is just due to the missing domain name in the URL. So once you fix the first error, this one will probably be fixed too.

Источник

Ошибка: «SSL certificate problem: certificate has expired»

Начиная с 1 октября 2021 начал получать много сообщений от пользователей, которые получали ошибку «SSL certificate problem: certificate has expired» при попытке обновить компонент через админку.

Ниже попытаюсь вкратце объяснить, из-за чего возникла проблема и как ее решить.

Причина ошибки:

30 сентября 2021 14:01:15 GMT закончился срок действия корневого сертификата IdenTrust DST Root CA X3.

Из-за этого стала невозможна проверка сертификатов, выпущенным центром сертификации Let’s Encrypt.

Эта проверка осуществляется при отправке запросов с вашего сервера на другой сервер через домен, который имеет SSL-сертификат Let’s Encrypt.

Потому все такие запросы, отправленные через cURL будут выдавать ошибку «SSL certificate problem: certificate has expired«

Исправление:

Если вы получаете эту ошибку при попытке обновить компонент через админку Joomla, то Вам необходимо удалить просроченный сертификат из цепочки сертификатов, которые использует Joomla.

Для этого через ФТП найдите файл /libraries/src/Http/Transport/cacert.pem (в более ранних версиях Joomla — /libraries/joomla/http/transport/cacert.pem) и скачайте его на свой ПК, чтобы сделать резервную копию.

Откройте файл и найдите строку, содержащую «DST Root CA X3«. удалите ее и все последующий блок (это и есть просроченный сертификат):

Сохраните файл на сервер.

Если же в Вашем файле сертификаты не подписаны, то найдите нужный по последним 5 буквам — CNTUQ.

Если же Вы столкнулись с ошибкой «SSL certificate problem: certificate has expired» в другом месте, то напишите в тех. поддержку своего хостинга обращение следующего содержания:

«При попытке отправки запросов через cURL получаю ошибку SSL certificate problem: certificate has expired. Удалите, пожалуйста, просроченный сертификат DST Root CA X3 из цепочки сертификатов, которую использует OpenSSL»

Источник

SSL certificate problem: certificate has expired

In this article

A lot of websites are using a global certificate, which expired on September 30 2021. This creates an issue when you are trying to connect to our API.

The problem is about the certificate of your own server, and it can only be solved by your host!

1. How to check the error?

Go to our Help center and under Possible Conflicts press the Test connection button, your page will get refreshed with an error log inside the Debug information part. That log will contain a similar error:

2. How to confirm the error?

Create a new php file and put the following content inside:

Upload the php file you created into your server, e.g. via FTP and open it in your browser. For example, if you created test.php then you can open, e.g. https://yoursite.com/test.php . Look for lines that start with SSL to identify the issue with your certificate.

If you need to contact your host to get this problem sorted, you can send them the link to this file which should help them understand the problem and provide an accurate fix in a timely manner.

If you see the certificate is fine here, then your WordPress certificate is the one that needs updated.

Possible example results

Below you can see some example results the code above produces that indicate problems.

2.1. Issue: Certificate not set

Here the key error is in the 5th line, that starts with: SSL certificate problem . In this example the cause of the problem is that PHP is unable to get local issuer certificate, which is caused by a misconfiguration of the SSL certificate on your server.

2.2. Issue: Expired certificate

Here the key error is in the 7th line, that starts with: SSL certificate problem . In this example the cause of the problem is that the certificate has expired and it needs to be updated.

2.3. Server’s SSL certificate is fine

If your SSL is fine, you should see a similar log:

The key here is the last line that starts with a star ( * ). It reads SSL certificate verify ok. which means that your server’s certificate is fine.

If you see the certificate is fine here, but you still keep getting the message about the certificate being expired then your WordPress certificate is the one that needs updated.

3. What’s the cause of the error?

The cause of the problem is that the root SSL certificate of the server is expired on September 30, 2021. This certificate is used to communicate between two websites, and this communication can only happen via https. The communication between two servers uses a different certificate than the communication between the browser and the website.

So even if you have a valid certificate for your site for the SSL connection between the site and browser you can still have another, expired certificate on the server that’s used when your site communicates with other websites. If you receive the 60SSL certificate problem: certificate has expired error that means the server’s root certificate has expired, and the host needs to update that.

Send your host this Let’s Encrypt article that explains the problem in detail: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ and tell them it’s impacting you as well.

4. How to solve the problem?

The only solution to this problem is to get your host to update the root certificate on your server.

So, you need to contact your server host and ask them to insert a new cacert.pem file into their servers, and configure it within their php.ini file. That way your website won’t use the globally accessible certificate anymore, but it will have its own.

A website has multiple SSL certificates. If your host says, that your SSL certificate is fine, then they checked the wrong certificate! Ask them to follow the solution examples below, to fix the root certificate.

The php test file above shows the location of the root certificate your host needs to update. Creating the testing file and providing it to your host can help them understand which certificate they need to look at.

Solution examples

You can find a few examples here on how to solve the problem on certain servers. You can send these instructions to your host which they should be able to understand and apply to your own server. Depending on the used server, some steps might be different.

⚠️ Warning: Server related problems need to be solved by the host. We’re unable to provide support for server management.

Solution on WampServer

Download this cacert.pem file.

Place this file into your PHP folder. Like if you are using php7.4.9 , put the file here:
C:wamp64binphpphp7.4.9

Open the php.ini file of the server (left click on the Wamp icon → PHP → php.ini):

Find this line: ;curl.cainfo

Change it to where your cacert.pem file is: curl.cainfo = «C:wamp64binphpphp7.4.9cacert.pem»

Make sure you remove the ; sign at the beginning of the line!

Save the php.ini file.

Restart Wamp, and the problem should be fixed!

Solution on MAMP — Mac localhost server

Solution on Windows server

Download this cacert.pem file.

Place this file into your PHP folder. Like if you are using php7.0 and your server installation happened in the Program Files (x86) folder, put the file here:
C:Program Files (x86)PHPv7.0

Open the php.ini file of the server.

Find this line: ;curl.cainfo

Change it to where your cacert.pem file is: curl.cainfo = «C:Program Files (x86)PHPv7.0cacert.pem»

Make sure you remove the ; sign at the beginning of the line!

Save the php.ini file.

Restart your server: iisreset /restart
and the problem should be fixed!

Tips based on user feedbacks

openssl.cafile

One person with CentOS server, in his php.ini file also had to change the openssl.cafile value, to point to the new cacert.pem file:

Expired WordPress certificate

This issue is connected to a certain OpenSSL version and a WordPress certificate problem. You can learn more about it here. To solve this problem, update your wp-includes/certificates/ca-bundle.crt file with the content you can find here: https://github.com/WordPress/WordPress/blob/master/wp-includes/certificates/ca-bundle.crt

Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Источник

2020 Update: If you want to dig deeper into SSL certificates, check out this post about Postman product updates.

Looking for help with the error, “self-signed SSL certificates are being blocked,” or a related error? Well, you’ve come to the right place.

Perhaps you’re using Postman and have encountered the “Could not get any response” error pictured below:  

Let’s get you back on track with a few ways that you can troubleshoot this unexpected behavior in Postman.

Benefits of the Postman Console

The Postman Console works the same way as a web browser’s developer console. If your APIs or API tests are not behaving as you would expect, this is the place to go to deep dive while debugging the same. Since Postman Console logs all of your API activities, you are able to get more detailed information about what’s going on under the hood.  This should be your first step in identifying the SSL certificate issue you’re seeing while you’re trying to debug. 

Here’s all of the information that the Postman Console logs:

• The actual request that was sent, including all underlying request headers and variable values, etc.
• The exact response sent by the server before it is processed by Postman 
• The proxy configuration and certificates used for the request
• Error logs from tests or pre-request scripts
• The console.log() from inside scripts

Common Server Connection Issues and How to Resolve Them 

If Postman is unable to connect to your server, you will probably get the message “could not get a response.” To check if you’re having connectivity issues, try opening your server address in a web browser. If you’re able to open it in your browser then potential issues could include:

Firewall Issues

Some firewalls are configured to block non-browser connections. If this happens, you will need to contact your network administrators for Postman to work. 

Proxy Configuration

If you’re using a proxy server to make requests, ensure that it’s configured correctly. Postman will use the system proxy by default – custom proxy info can also be added if it’s needed for specific requests or domains. You can see more information about the proxy server using the Postman Console.

SSL Certificate Issues

If you’re using HTTPS connections, you can turn off SSL verification under Postman settings. If that doesn’t resolve the issue, your server may be using a client-side SSL connection which you can configure under Postman Settings. Check the Postman Console to ensure that the correct SSL certificate is being sent to the server.

Client Certificate Issues

The purpose of a client certificate is to allow users to assert their identity to a server thus serving as a layer of security. Since passwords can easily be compromised, client certificates authenticate users based on the system they use. As such, the server might require client certificates. If users attempt to access a server without permissions, they would be denied access. You can resolve this by adding a client certificate under Postman Settings.

Incorrect Request URLs

You can send requests in Postman to connect to APIs you are working with. Using variables allows you to store and reuse values in your requests and scripts, increasing your ability to work efficiently and minimize the likelihood of error. Environment variables are frequently used across multiple server environments such as development, staging, and production. In contrast to global variables which are commonly used to capture brief states. However, If your request includes variables or path parameters then make sure that they’re defined in your environment or globals. Unresolved request variables can result in invalid server addresses.

Incorrect Protocol

The first part of the URL requires a protocol which can be http or its secured version, https. A protocol is important because it determines how data is transferred between the host and the web browser. Since URL requires one of the two protocol options, make sure that you’re not accidentally using https:// instead of http:// (or vice versa) in your URL.

Invalid Postman Behavior

It’s possible that Postman could be making invalid requests to your server. Check your server logs (if available) to confirm if this is the case.

Very Short Timeouts 

If you configure a very short timeout in Postman, the request may timeout before completion. To resolve this, you will need to go into your Postman settings and set how long the app should wait for a response before saying that the server isn’t responding. A value of 0 indicates infinity which, means Postman will wait for a response forever.

Invalid Responses

If your server sends incorrect response encoding errors or invalid headers, Postman won’t be able to interpret the response. 

Getting Help

If you are still running into issues and unable to resolve them, you can either file or search for an existing issue on our GitHub issue tracker. If you need to include confidential data then you can file a ticket with Postman support and help you troubleshoot.

Oct 1, 2021 Here you can find how to resolve postman SSL Error: Certificate has expired issue
From youtube.com
Author Knowledge Extension
Views 3.7K
See details »