SSL certificate matching does not seem to work

Hi,

Can anyone shet some light on how I can debug the matching of certificates configured in Postman?

Problem:
I’m trying to connect to a REST service using a SSL client certificate. I configured it in the settings tab the same way as in set-and-view-ssl-certificates-with-postman

When checking the console I don’t see the ceritificate being sent and get failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40

Context:
(for security reasons some information replaced by dummy info)

Using the same certificate/key/password I can setup a connection using openssl. (checked for validity of certificates, TSL v1.1 and v1.2 supported, no SNI issues)
The server certificate is signed by a trusted CA (I tested with both --SSL certificate verification-- on and off )
In the Postman console I dont see the certifciate being sent.

---- [console output] ----

GET https://somehost:443/somepath?someparameter=9076443&somedate=2017-02-17T00:00:00.000

Error: write EPROTO 101057795:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40 101057795:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:659:

    • Request Headers:
      • appid:“42”
      • cache-control:“no-cache”
      • ipaddress:“192.68.1.1”
      • postman-token:“some-token”
      • role:“Applicatie”
      • userid:“6x9”

---- [end console output] ----

certconfig

I matched, matched and rematched the hostname

A search on the interweb did not learn me anything I did not try yet…

Questions

  1. Is there any debug option that will show the way the certificates are matched
  2. is there any way I can force postman to pick a configured certificate
  3. any other ideas on how to proceed on this problem

any help appreciated

Additional info

Monitoring with wireshark shows no certificate is sent.
(Postman console did not show a certificate being sent. I assume from examples that it will log which certificates it will/does send for a given request)

image

it does work from chrome, using the chrome keystore
Using the pk12 form of the same key (original postman request uses the .cer form) imported into the chrome keystore, the requests work.

Chrome app will not do

Obvious question is: “why not keep using the chrome app”
because its depricated and we use the newer 6.x test functions not supported in version 5.x

1 Like