Hi All,
I have googled this like mad, and am still getting the same issue. I am submitting requests, but tests throw up the warning " Unable to Verify The First Certificate".
Upon Googling, i have double and triple checked that:
File > Settings > Request > SSL certificate verification = OFF
But i still get:
Any ideas?
Are the locations of the certificates pointing to the correct place?
Iâm assuming that you have added these paths within the app.
Are you able to expand on more about the request, is this going to an internal endpoint? Something public?
Is any type of redirect happening?
Just trying to build the picture up of the configuration you have and the type of request. It difficult to get that contextual information from a couple of croped images with the app. 
No worries, the more questions the better.
Might be something extra to try in here?
Different users walking through similar issues and things to try.
Are you not adding any certificates under Settings > Certificates?
I tried these steps, an worked for me (step# 12).
Postman responds to API calls with âError: Unable to verify the first certificateâ (ivanti.com)
In the settings you have the option
âUse server cipher suite during handshakeâ.
I checked this one and the problem was fixed for me. Is the setting right bellow Disable cookie jar, so it was cut in the screenshot.
I am running a nodejs pod behind an nginx ingress in K8s, not sure if this info is useful fo you.
I am facing the same problem (testing local with the desktop app on Windows 11);
Status: 404 Not Found. - localhost - Unable to verify the first certificate. Above solutions did not work for me.
Today just figured out our version of this problem - Check your computer time, if it is 1 minute off, it could affect postman requests.
Discovered today that my computer time was not automatically updating and it was 1 minute ahead, which messed up the requests and gave the same error
Hope this contribution helps someone
Just incase if anyone still facing this issue and couldnât resolve, try to check this once.
I was able to fix this by going to the Orchestrator Collection, then âright clickâ and click on [Edit collection], you will find a âPre-request Scriptâ tab. You need to delete that script, apparently, there is an error somewhere in that script, or you may need to configure that before trying to run API calls.
In any case, I just needed to run simple API calls so decided to delete the script, and everything starts! to work.
I was facing the same issue. Postman would complain about the âUnable to verify the first certificateâ but if I load the URL via Chrome (or even my mobile app that we are developing), there is no SSL certificate errors.
As my API was hosted on Apache Tomcat (on Windows) & the SSL cert used was an exported SSL cert from IIS (PFX), it was apparently lacking the trust chain (root & intermediate certs).
I found that you could add it manually using openssl commands ( comprehensive guide HERE ) or you could just export your SSL cert via the Windows Certificate MMC. After you have the Certificate MMC opened:
After that, copy and re-apply the newly export PFX to Apache Tomcat (in my case, I just overwrote the existing PFX and restarted Apache Tomcat for the new cert to take into effect). After that, the âUnable to verify the first certificateâ is no longer seen. I could replicate the issue back if I exported the SSL certs from IIS directly. So, moral of the story, do not export your SSL certs via IIS but instead use the Windows Certificate MMC to export it.
Hope this helps someone out or at least point them to the right direction of missing root & intermediate certs in your SSL Cert.
