I’m trying to set up a REST Service for a client. They provided a .CER Certificate, and I got a .KEY file for tests. The idea was to test the connection separately from the clients’ tools using Postman, to have like a test suite so to say, that will avoid the usual “which side is configured wrong now…?” scenario.
I know our Service connection and certificate setup serverside works because it’s already running for another client, so that has been checked.
I have configured the certificate in “Settings->Certificates”, selected the .CER file in the CRT file selection (first intuition alert… would say that’s wrong but it seems to be right). I have also configured the .KEY file (which was also registered in my local System, maybe relevant later below).
When I send a POST request I get a “401 The SSL certificate error”.
Inspecting the sent request in the Postman console, it shows the certificate is being sent (or at least some information regarding the configured certificates… eventually formatted in a way it doesn’t work?)
Now to the strange part… I enabled Fiddler traffic control to see what the packets looked like. Fiddler recognised the packet needed a certificate and asked for it to be saved in a folder in my documents. I copied the same .CER file to that folder, hit ok, and Fiddler then forwarded the packet… it worked! Server responded 200 Ok, I checked our system logs and the data was received.
So it again proves the certificates are ok, they match.
The CER file looks something like
… base64 stuff …
Then the KEY
-----BEGIN PRIVATE KEY-----
… base64 stuff …
-----END PRIVATE KEY-----
I also tried with PEM, generated a .PEM and a .P12, both unsuccessful.
So to the many questions… considering the .CER file was the same one,
- why does the Postman request not work on its own?
- why does it work when Fiddler is on?
- where does Fiddler get the key from? Considering it only asks for the .CER file (I presume it checks the system…? And as I said before, I registered it)
- How can I correctly configure Postman?
Sorry about the vagueness of the post, I cannot post many details about the certificates of course. Even tried a few screenshots, but whatever is relevant I always ended up blacking out so… =)
Thank you for the help!