Unable to Verify First Cert Issue - Enable SSL Cert Verification : Off

🙋 Help
1

Hi All,

I have googled this like mad, and am still getting the same issue. I am submitting requests, but tests throw up the warning " Unable to Verify The First Certificate".

Upon Googling, i have double and triple checked that:

File > Settings > Request > SSL certificate verification = OFF

image
image691×505 15.5 KB

and have also made sure that this is not overridden in “Settings” for the tests
image
image1185×450 27.8 KB

But i still get:
image

Any ideas?

2

Are the locations of the certificates pointing to the correct place?

I’m assuming that you have added these paths within the app.

Are you able to expand on more about the request, is this going to an internal endpoint? Something public?

Is any type of redirect happening?

Just trying to build the picture up of the configuration you have and the type of request. It difficult to get that contextual information from a couple of croped images with the app. :grin:

3
  • https://{Address} Address is in the path and returns 200
  • The Request is hitting an internally hosted website
  • There is no redirect 302 happening
  • The cert is not present in Trusted Root Certificate Authorities

No worries, the more questions the better.

4

Might be something extra to try in here?

Different users walking through similar issues and things to try.

Are you not adding any certificates under Settings > Certificates?

5

I tried these steps, an worked for me (step# 12).
Postman responds to API calls with “Error: Unable to verify the first certificate” (ivanti.com)

6

In the settings you have the option
‘Use server cipher suite during handshake’.
I checked this one and the problem was fixed for me. Is the setting right bellow Disable cookie jar, so it was cut in the screenshot.
I am running a nodejs pod behind an nginx ingress in K8s, not sure if this info is useful fo you.

7

I am facing the same problem (testing local with the desktop app on Windows 11);
Status: 404 Not Found. - localhost - Unable to verify the first certificate. Above solutions did not work for me.

  • update: on closer inspection there is probabely something wrong with the API source code I am testing, so sorry for this contribution…
8

Today just figured out our version of this problem - Check your computer time, if it is 1 minute off, it could affect postman requests.
Discovered today that my computer time was not automatically updating and it was 1 minute ahead, which messed up the requests and gave the same error

Hope this contribution helps someone

9

Just incase if anyone still facing this issue and couldn’t resolve, try to check this once.

I was able to fix this by going to the Orchestrator Collection, then ‘right click’ and click on [Edit collection], you will find a ‘Pre-request Script’ tab. You need to delete that script, apparently, there is an error somewhere in that script, or you may need to configure that before trying to run API calls.

In any case, I just needed to run simple API calls so decided to delete the script, and everything starts! to work.

image
image1919×1033 164 KB

10

I was facing the same issue. Postman would complain about the “Unable to verify the first certificate” but if I load the URL via Chrome (or even my mobile app that we are developing), there is no SSL certificate errors.

As my API was hosted on Apache Tomcat (on Windows) & the SSL cert used was an exported SSL cert from IIS (PFX), it was apparently lacking the trust chain (root & intermediate certs).

I found that you could add it manually using openssl commands ( comprehensive guide HERE ) or you could just export your SSL cert via the Windows Certificate MMC. After you have the Certificate MMC opened:

  1. Navigate to Certificate > Web Hosting > Certificates and select your SSL cert
  2. Then right click and select “All Task” & “Export”
  3. Click “Next”
  4. Select “Yes, export the private key”
  5. Ensure it is “Personal Information Exchange - PKCS #12 (.PFX) and check
    “Include all certificates in the certification path if possible” (this is the important item)
    “Enable certificate privacy”
  6. Click “Next”
  7. Check “Password” and type in a password and confirm the password (leave Encryption as “TripleDES-SHA1”) and click “Next”
  8. Select a folder & filename to export to
  9. Click “Finish” and a prompt will be shown saying that the export was successful

After that, copy and re-apply the newly export PFX to Apache Tomcat (in my case, I just overwrote the existing PFX and restarted Apache Tomcat for the new cert to take into effect). After that, the “Unable to verify the first certificate” is no longer seen. I could replicate the issue back if I exported the SSL certs from IIS directly. So, moral of the story, do not export your SSL certs via IIS but instead use the Windows Certificate MMC to export it.

Hope this helps someone out or at least point them to the right direction of missing root & intermediate certs in your SSL Cert.

2 Likes
11

Hi! I also experienced the same problem. Can anybody here help me?

image

image
image713×662 54.9 KB

13

I was facing the same issue as well and will share how it went.

The problem: was due to irregular parameters for page and pageSize in Headers.
For some reason, the irregular setup of these two led to Postman displaying there are 18 parameters in the Header.

beforeFix
beforeFix1015×667 57.4 KB

The fix: after deleting those two parameters from the headers, the count of Header params became 8, all of them hidden and the request worked.

afterfix
afterfix939×380 14.5 KB

The (probable) cause of the issue: the fact I was using vs code Postman extension when I first created the request, and when working on that request in Postman, it received those invalid params in the Headers.

Trivia: after I applied ‘the fix’ it works even with SSL certificate verification checkbox turned On in Postman settings.