Test Overview
This test checks if Postman correctly validates the SSL certificate of a secure API endpoint. It verifies that the request fails when SSL certificate validation is enabled and the certificate is invalid or self-signed.
0
0
SSL certificate validation in Postman - Test Execution Trace
Test Code - Postman
Postman
pm.test("SSL certificate validation test", function () { pm.sendRequest({ url: 'https://self-signed.badssl.com/', method: 'GET', rejectUnauthorized: true }, function (err, res) { pm.expect(err).to.not.be.null; pm.expect(err.message).to.include('self signed certificate'); }); });
Execution Trace - 5 Steps
| Step | Action | System State | Assertion | Result |
|---|---|---|---|---|
| 1 | Test starts in Postman with SSL certificate validation enabled | Postman is ready to send a GET request to https://self-signed.badssl.com/ | - | PASS |
| 2 | Postman sends GET request to https://self-signed.badssl.com/ | Request is in progress, Postman attempts SSL handshake | - | PASS |
| 3 | Postman detects SSL certificate is self-signed and invalid | SSL handshake fails due to certificate validation error | - | PASS |
| 4 | Postman returns error object with message about self signed certificate | Error received in callback function | Check that error is not null and error message includes 'self signed certificate' | PASS |
| 5 | Test assertion verifies error presence and message content | Assertions run inside pm.test block | pm.expect(err).to.not.be.null and pm.expect(err.message).to.include('self signed certificate') | PASS |
Failure Scenario
Failing Condition: SSL certificate validation is disabled or the certificate is trusted
Execution Trace Quiz - 3 Questions
Test your understanding
What causes the test to pass in this SSL certificate validation test?
Key Result
Always enable SSL certificate validation in your API tests to catch security issues with certificates, especially when testing against environments with self-signed or invalid certificates.