client certificate not sent by postman - ssl

Can anyone shet some light on how I can debug the matching of certificates configured in Postman?
Problem:
I’m trying to connect to a REST service using a SSL client certificate. I configured it in the settings tab the same way as in set-and-view-ssl-certificates-with-postman
When checking the console I don’t see the certificate being sent and get failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40
Context:
Postman v 6.4.2 running on windows 10
(for security reasons some information below replaced by dummy info)
Using the same certificate/key/password I can setup a connection using openssl. (checked for validity of certificates, TSL v1.1 and v1.2 supported, no SNI issues)
The server certificate is signed by a trusted CA (I tested with both --SSL certificate verification-- on and off )
In the Postman console I dont see the certifciate being sent.
---- [console output] ----
GET https://somehost:443/somepath?someparameter=9076443&somedate=2017-02-17T00:00:00.000
Error: write EPROTO 101057795:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40 101057795:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:659:
Request Headers:
appid:“42”
cache-control:“no-cache”
ipaddress:“192.68.1.1”
postman-token:“some-token”
role:“Applicatie”
userid:“6x9”
---- [end console output] ----
image of certificate configuration
I matched, matched and rematched the hostname
A search on the interweb did not learn me anything I did not try yet…
Questions
Is there any debug option that will show the way the certificates are matched
is there any way I can force postman to pick a configured certificate
any other ideas on how to proceed on this problem
any help appreciated
Additional info
Monitoring with wireshark shows no certificate is sent.
(Postman console did not show a certificate being sent. I assume from examples that it will log which certificates it will/does send for a given request)
snippet wireshark output
Postman app in chrome
it does work from chrome, using the chrome keystore
Using the pk12 form of the same key (original postman request uses the .cer form) imported into the chrome keystore, the requests work.
Chrome app will not do
Obvious question is: “why not keep using the chrome app”
because its depricated and we use the newer 6.x test functions not supported in version 5.x
Question posted on Postman help forum with no answer about a week ago:
OP on postman helpforum
Additional additional info
It works on newman

I had same issue when I typed path to CRT and KEY files instead of using file dialog.
Just click Choose File button instead of pasting file path when adding certificate.

If you can download postman app then there is an option under preference/certificate and under there is an option 'Client Certificate'.
You need to provide both .cert and .key file into respective section, provide host name and key password if any. Click "save". next time you send a request matching hostname , postman app will send the certificate along with the way. You can validate in console output.

Related

Send a request in soapUI impersonating someone other than oneself

I have a POST request step in soapUI that works successfully with my SSL certificate.
It uses the certificate (key may be more accurate) that I saved in soapUI's application configuration settings.
What I want to do is make this request as some test user Bob. Bob has a DN in the system under test.
How to do this?
Adding a header to the request had no effect. I tried X-ProxiedEntitiesChain.
Do I need to remove the key from the settings in order for soapUI to use the header I supply?

Quickbooks Integration SSL Local Issuer issue

I have integrated Quickbooks invoice feature on my website.
But I am facing issue of SSL Local Issuer.
Here is the error details:
Fatal error: Uncaught QuickBooksOnline\API\Exception\SdkException: [0]: cURL error during making API call. cURL Error Number:[60] with error:[SSL certificate problem: unable to get local issuer certificate]...
Could someone advise me, how to fix this issue?
Many Thanks
Did u enabled SSL for your website?(Quickbooks app will communicate with a secure site) this link will help to solve your issue :
PHP cURL error code 60
QB Library file edit link
cURL error during making API call. cURL Error Number:[60] SSL certificate prob: self signed certificate in certificate chain
Searched a lot about this. Finally, I talked to QBO support for this.
They told me that Sometimes when we install SSL certificate on the server so it conflicts with the API inbuilt certificates. And that is the reason why the API throw SSL certificate not exist error on SSL certified website.
So they suggested my best comment out the API inbuilt certificate verification syntax.
And to achieve this we just need to comment out line with verifySSL() calling. And this is in the Same file mentioned above.
But Thank you for the help on this. I really appreciate it a lot.

Runscope Error contacting host SSL

I am using Runscope only for a short time now however it seems pretty straight forward. I have had no problem with other APIs, however for this current one I am having problems.
The error I am getting is the following:
Error contacting host SSL: certificate is valid for *.hostgator.com,
hostgator.com, not NflArrest.com To turn off SSL verification for
this test, change your test's behavior settings, see
https://www.runscope.com/docs/api-testing/behaviors for more details
From the documentation I read here:
SSL Certificate Verification
By default, Runscope will only relay responses if the SSL certificate from the upstream API provider is valid and trusted. To bypass this protection (for instance if you're using a self-signed certificate) on a per-bucket basis, select Bucket Settings in the left sidebar and deselect the option to 'Verify SSL Certificates'.
I have done that so to my knowledge it should work. However I still get the same error. The API documentation I am using can be found here.
Test's don't use the bucket setting, that's just for Gateway URLs/Traffic Inspector. To disable SSL verification in your test, expand the "Environment" section at the top of the test editor, select "Behaviors" and untoggle it there.

PKI authentication implementation in Apache

I am trying to implement the Apache authentication through PKI digital certificates stored on token / smart card.
I'm using XAMPP 5.6.8.0-VC11 on a Windows 7 computer.
Following what I found searching the internet, I uncommented the following settings httpd-ssl.conf file in the Apache configuration:
SSLVerifyClient require
SSLVerifyDepth 10
From there, access to https: // localhost, the browser (IE 11, Chrome 43 and FF 38) display the digital certificate of the screen (use an e-CPF in standard ICP-Brazil, stored in token) and requests the password.
After entering the password and press ENTER, the behavior in browsers is as follows:
In IE, I is shown a page with the message "This page can not be displayed".
In FF, is loading the page indefinitely.
In Chrome, you see the message "Authentication based on certificate failed" ERR_BAD_SSL_CLIENT_AUTH_CERT and clicking on "details" appears:
"This server requires a certificate for authentication and did not accept the one sent by the browser. Your certificate may have expired or the server does not trust the issuer. Try again with a different certificate, if you have one, or you must obtain a certificate valid from somewhere else. "
Already tested several additional settings I found on the internet, but nothing works.
I have also changed the Windows Internet options regarding SSL and TSL, also successful.
I would like to figure out how to implement authentication with digital certificates for a more secure login system that esté in development.
Has anyone experienced this or know how to solve the issue?

JMETER-certificate is not trusted message while login the facebook account

When I was working on facebook.com to recorded the login process using jmeter, then I came across the following error message. what should we do in such condition in order to surpass this step and directly gets login into the facebook application using the proxy server setting for the recording purpose.
The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issue)
As per Recording HTTPS Traffic with JMeter's Proxy Server I believe that it'll be quite enough to clear your browser history.