Working with certificates

Postman provides a way to view and set SSL certificates on a per domain basis.

To manage your client certificates, click the gear icon on the right side of the header toolbar, choose Settings, and select the Certificates tab.

certificates tab

Adding a Client Certificate

To add a new client certificate, click the Add Certificate link.

In the Host field, enter the domain (without protocol) of the request URL for which you want to use the certificate, for example, https://postman-echo.com (view Collection for Postman Echo).

You can also specify a custom port to associate with this domain in the Port field. This is optional. If left empty, the default HTTPS port (443) will be used.

Choose your client certificate file in the CRT file field. Currently, Postman only supports the CRT format. Support for other formats (like PFX) will come soon.

Choose your client certificate key file in the KEY file field.

If you used a passphrase while generating the client certificate, you’ll need to supply the passphrase in the Passphrase field. Otherwise, leave it blank.

add certificate

Once your certificate is added, it should appear in the client certificates list.

client certificates list

NOTE: You should not have multiple certificates set for the same domain. If you have multiple ones set, only the last one added will be used.

Using a Certificate

You do not have to perform any extra steps to use a client certificate if it has been added. If you make a request to a configured domain, the certificate will automatically be sent with the request, provided you make the request over HTTPS.

You can verify this. To do so, open up your Postman console (CMD/CTRL + ALT + C). You can read more about the Postman Console. A new window will open up.

Now, send a request to https://postman-echo.com/get. Keep the Postman Console open if Postman version is lower than v7.10. Notice we’re using https to make sure the certificate is sent. Once the response arrives, switch over to the Postman console to see your request. If you expand your request, you will be able to see which certificate was sent along with the request.

Postman console view

Removing a Certificate

To remove a certificate, use the Remove link next to the certificate under the Certificates tab in the Settings.

remove certificate

Editing a Certificate

You cannot edit a certificate after it has been created. To make changes to it, you will need to remove the certificate and create a new one.

Let's Encrypt SSL certificates renew automatically—you do not need to carry out any manual steps. When a certificate is generated it has a 90 day expiry date and will renew seven days before it expires

Certificate data

Postman will indicate certificate information in the Network response pop-up for any HTTPS requests you send, including warnings and errors such as self-signed and expired certificates.

Network info

You can also see certificate info in the console.

Certificate info in console

If certificate verification fails, Postman will display an error message.

Certificate verification fail

You will see the error in the response area if you have SSL verification turned on. Disable SSL Verification to disable the setting globally and rerun the request.

Verification error

If you have SSL verification switched off either globally or for the individual request, you will see the detail of any errors or warnings in the response Network information.

Certificate error

You can find more information about failed certification in the console.

Certificate fail in console

You can toggle SSL verification on and off by default in the Postman Settings (click the gear icon at the top right) or for a specific request in the Settings tab.

Request SSL