7

I'm trying to call open banking production endpoint but It keeps kicking me out as I believe root certificate for MTLS is not picking up from the certificate store. How does postman pick the correct certificate from the certificate store?

Following is what my sandbox request looks like and it's working just fine as the certificate is getting from the certificate store.

But for production I get;

Error: write EPROTO 1316197336:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:../../third_party/boringssl/src/ssl/tls_record.cc:587:SSL alert number 40

enter image description here When you uploading a certificate to your certificate store, is there any additional setup you have to do?

Damith
  • 121
  • 1
  • 1
  • 7

1 Answers1

0

In order to use client mTLS certificates in Postman you need to configure them for each particular domain through Postman settings.

So you need to open Postman Settings -> select Certificates tab -> press Add Certificated (under Client Certificates) -> Provide Host you are connecting to as well as your certificate file and private key for the certificate (or alternatively you could use a PFX file). Also remember to provide a Passphrase from your private key, in case you use one.

And for another host you would be able to use another client certificate, which is handy.

Fedor
  • 1,392
  • 1
  • 17
  • 30
  • That's I've done. I can see it's picking up the client certificate. But if you look at the screenshot, what's missing is the Network part where I can see the root certificate for the domain I'm calling. (You can see it under peerCertificate in the screenshot) – Damith Aug 27 '20 at 06:57
  • @Damith do you have SSL certificate verification OFF? not sure, but that may solve your problem. – Fedor Aug 27 '20 at 10:24
  • Yeah that disables as well but with no luck – Damith Sep 01 '20 at 07:35
  • I'm having the same issue, and unfortunately, this didn't solve it either :( – Brad Ahrens Apr 13 '21 at 21:23