Postmantesting~15 mins

SSL certificate validation in Postman - Build an Automation Script

Choose your learning style9 modes available

Learn Why Deep Trace Try Challenge Automate Recall Frame

Validate SSL certificate for API endpoint in Postman

Preconditions (3)

Step 1: Open Postman and create a new GET request

Step 2: Enter the HTTPS API endpoint URL (e.g., https://api.example.com/data)

Step 3: Send the request

Step 4: Observe the response status and body

Step 5: Disable SSL certificate validation in Postman settings

Step 6: Send the same request again

Step 7: Observe the response status and body

✅ Expected Result: When SSL certificate validation is enabled, the request should succeed only if the SSL certificate is valid. When disabled, the request should succeed even if the certificate is invalid or self-signed.

Automation Requirements - Postman test scripts

Assertions Needed:

Verify response status code is 200 when SSL validation is enabled and certificate is valid

Verify error or failure occurs when SSL validation is enabled and certificate is invalid

Verify response status code is 200 when SSL validation is disabled regardless of certificate validity

Best Practices:

Use Postman environment variables for endpoint URLs

Use pm.test and pm.response assertions for validation

Do not disable SSL validation in production tests

Log clear messages for pass/fail results

Automated Solution

Postman

/* Postman test script to validate SSL certificate behavior */

pm.test('Response status is 200', function () {
    pm.response.to.have.status(200);
});

pm.test('Response time is less than 2000ms', function () {
    pm.expect(pm.response.responseTime).to.be.below(2000);
});

// Additional checks can be added based on response body or headers

// Note: SSL validation is controlled in Postman settings, not via script
// This script assumes SSL validation is enabled in settings

This Postman test script checks that the response status code is 200, indicating a successful HTTPS request with a valid SSL certificate.

Since SSL certificate validation is controlled by Postman settings, the script itself cannot enable or disable it. Instead, the tester must toggle SSL validation in Postman settings and observe the test results.

The test also checks that the response time is reasonable, which helps ensure the request completed properly.

Assertions use pm.test and pm.response to verify the response status and timing.

Common Mistakes - 3 Pitfalls

Trying to disable SSL validation via test scripts

Not verifying response status code

Using HTTP instead of HTTPS endpoint

Bonus Challenge

Now add data-driven testing with 3 different HTTPS endpoints: one with a valid SSL certificate, one with a self-signed certificate, and one with an expired certificate.

Show Hint