2

Description of Problem

I'm trying to hit a REST endpoint that requires a certificate from the browser and from Postman.

I've configured Chrome and Postman with a client side cert. The cert works when using a Chrome on a Swagger page (using the client side cert selected by a browser popup) but not when using Postman.

So my guess is that Postman is not using the certificate I've configured. I tried to examine Chrome DevTools Networking tab to see if it shows the certificate being passed, but it doesn't.

So that is my question. Does Chrome (or Postman) have the ability to display the client side certificate being used for a given request?

I'm looking for something akin to using the curl --verbose with a client side certificate. When using --verbose with curl, both the client and server side certificate information is dumped to the console for viewing.

Does Chrome DevTools (or Postman) support something like this?

Searching for an answer to my question

Searching in SO for [certificate and debugging] and [certificate and google-chrome] and [certificate and postman] I found:

PatS
  • 5,912
  • 9
  • 39
  • 72

1 Answers1

0

I found that Postman when it's using certificates, it includes a Networking section in the Postman Console output.

For example,

GET https://example.com//api/my/restEndpoint
401
11 ms
Warning: Unable to verify the first certificate
Network
addresses: {…}
local: {…}
remote: {…}
tls: {…}
reused: false
authorized: false
authorizationError: "UNABLE_TO_VERIFY_LEAF_SIGNATURE"
cipher: {…}
protocol: "TLSv1.3"
ephemeralKeyInfo: {}
peerCertificate: {…}

This shows that the certificate was not trusted (e.g., the certificate authority was not known).

PatS
  • 5,912
  • 9
  • 39
  • 72