Hi all
I am trying to proxy Newman through Zap so it can pick up my API calls from the postman-collection
I am using an Ubuntu container with Newman installed to do this so I can test up front with curl.
Dockerfile:
FROM ubuntu:22.04
ADD https://deb.nodesource.com/setup_$NODE_VERSION.x /opt/install_node.sh
RUN apt-get update -y &&
apt-get upgrade -y &&
apt-get install -y gnupg &&
bash /opt/install_node.sh &&
apt-get install -y nodejs &&
npm install -g newman &&
rm /opt/install_node.sh &&
apt-get purge -y gnupg;
WORKDIR /etc/newman
I am also using a Zap2docker container to reach a publicly accessible API (available on dockerhub as a straight pull)
I start the Zap container and then start the Newman container
I can tell the Zap container is up correctly as I expose the API to localhost for me to use
I have set the HTTP_PROXY and HTTPS_PROXY env vars in Newman to match the IP of the Zap container which I get from the command:
docker exec $(zapContainer) hostname -i
I then append “:8080” (the port of the ZAP proxy)
to get the json for Newman to run, I am using a simple get request (no authentication needed) in postman to the API which I then exported as the latest version of collection to get the .json file. The API request works in postman outside of the container going straight to the public endpoint.
I then export the cacert from Zap API interface and Docker cp it into the Newman container
When I run a curl over the https API endpoint with the cacert option, I get a successful API call - easy.
When I then try to use Newman to do the same using the postman-collection.json file I created and the -ssl-extra-ca-certs option with the same cert, I get “self signed cert in certificate chain at request” error and my API request fails.
I have tried renaming the .cer format cert output by Zap as a .pem (the .cer is readable and properly formatted) but see no change in Newman.
But the curl command works with either the .cer Zap self-signed cert or the cert with the same contents but just a renamed extension to .pem - to my mind this proves the cert is good and the issue is with Newman?
If I try --insecure (or flavours of that) with the Newman command instead of the cert I get “Socket hang up at request…” error message
versions
node -v =v19.9.0
npm -v =9.6.3
ubuntu 22.04
Example commands:
newman run dummy-api.json —ssl-extra-ca-certs ZAPCACert.pem -r cli,json --reporter-json-export output.json
curl https://dummy.restapiexample.com/api/v1/employees --cacert /etc/newman/ZAPCACert.pem
What am I doing wrong please - I can’t help feeling its something really simple…
thanks a lot for the help
phil