How to Use Certificate in Postman for Secure API Testing
To use a certificate in Postman, go to Settings > Certificates and add your client certificate by specifying the host, CRT file, and key file. Postman will then use this certificate automatically when sending requests to the specified host, enabling secure SSL/TLS authentication.
Syntax
In Postman, you add certificates through the Settings > Certificates section. The key parts are:
- Host: The domain or IP where the certificate applies.
- CRT file: The client certificate file (.crt or .pem format).
- Key file: The private key file associated with the certificate (.key format).
- Passphrase (optional): Password for the key file if encrypted.
Postman uses these details to attach the certificate when making requests to the matching host.
```text
Host: example.com
CRT file: /path/to/client.crt
Key file: /path/to/client.key
Passphrase: optional_password
```
Example
This example shows how to add a client certificate for api.example.com in Postman and send a request using it.
```text
1. Open Postman.
2. Click the gear icon (Settings) in the top right.
3. Go to the "Certificates" tab.
4. Click "Add Certificate".
5. Enter the following:
   - Host: api.example.com
   - CRT file: /Users/you/certs/client.crt
   - Key file: /Users/you/certs/client.key
   - Passphrase: (leave blank if none)
6. Save the certificate.
7. Create a new GET request to https://api.example.com/secure-data
8. Send the request. Postman will use the certificate automatically.
```
Output
HTTP/1.1 200 OK
{
"data": "Secure information accessed with client certificate"
}
Common Pitfalls
- Wrong host name: The certificate only works if the request host exactly matches the host you set in Postman.
- Incorrect file formats: Use valid .crt and .key files; other formats may cause errors.
- Missing key file: Both certificate and key files are required unless the certificate includes the key.
- Passphrase issues: If your key file is encrypted, provide the correct passphrase or Postman won’t use the certificate.
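- Server certificate errors: Client certificates don’t fix server SSL errors; you may need to disable SSL verification in Postman settings for testing. With verification off, Postman no longer validates the server's certificate, so keep that setting to test environments.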
```text
/* Wrong way: Host mismatch */
Host: wrong.example.com
CRT file: /path/client.crt
Key file: /path/client.key

/* Right way: Exact host match */
Host: api.example.com
CRT file: /path/client.crt
Key file: /path/client.key
```
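A pre-flight check for the pitfalls listed above, added here as an example (it is not from the original article and is not Postman's own logic). It assumes PEM-encoded files and the exact-host rule stated above; the function names and the sample PEM stubs are constructed for illustration.

```python
import re
import ssl
from urllib.parse import urlsplit

def pem_labels(text):
    """Labels of the PEM blocks found in text, e.g. ['CERTIFICATE']."""
    return re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", text)

def key_is_encrypted(key_text):
    """True for PKCS#8 encrypted keys and legacy encrypted PEM keys."""
    return ("ENCRYPTED PRIVATE KEY" in pem_labels(key_text)
            or "Proc-Type: 4,ENCRYPTED" in key_text)

def check_entry(host, crt_text, key_text, passphrase, request_url):
    """Return the pitfalls from the list above that this entry would hit."""
    problems = []
    # Assumption: exact host comparison, as the article describes.
    if urlsplit(request_url).hostname != host.strip().lower():
        problems.append("host mismatch")
    if "CERTIFICATE" not in pem_labels(crt_text):
        problems.append("no PEM certificate block in CRT file")
    if not any(l.endswith("PRIVATE KEY") for l in pem_labels(key_text)):
        problems.append("no PEM private key block in key file")
    elif key_is_encrypted(key_text) and not passphrase:
        problems.append("encrypted key needs a passphrase")
    return problems

def pair_error(crt_path, key_path, passphrase=None):
    """None if OpenSSL loads the cert/key pair, else the error text."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Always pass a password so OpenSSL never prompts on the terminal.
        ctx.load_cert_chain(crt_path, key_path, password=passphrase or "")
        return None
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return str(exc)

# Constructed stand-ins: only the PEM framing matters to check_entry().
CRT = "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"
KEY = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIB\n"
       "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_entry("wrong.example.com", CRT, KEY, None,
                      "https://api.example.com/secure-data"))
```

Run `pair_error()` on the real files before adding them in Postman: a mismatched key, a wrong passphrase, or a missing file comes back as the OpenSSL error text.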
Quick Reference
Remember these quick tips when using certificates in Postman:
- Always match the Host exactly.
- Use valid certificate and key files in .crt and .key formats.
- Provide passphrase if your key is encrypted.
- Disable SSL verification in Postman if server SSL errors block testing.
- Certificates are for client authentication, not server trust validation.
Key Takeaways
Add client certificates in Postman Settings under Certificates with correct host and file paths.
Ensure the host in Postman matches the request URL exactly for the certificate to be used.
Use valid .crt and .key files and provide passphrase if needed.
Client certificates enable secure SSL/TLS authentication for APIs requiring them.
Disable SSL verification in Postman if server certificate errors prevent testing.