Working with certificates
Postman provides a way to view and set SSL certificates on a per domain basis.
To manage your client certificates, click the wrench icon on the right side of the header toolbar, choose "Settings", and select the Certificates tab.
To add a new client certificate, click the Add Certificate link.
In the Host field, enter the domain (without protocol) of the request URL for which you want to use the certificate, for example,
https://postman-echo.com (view Collection for Postman Echo).
You can also specify a custom port to associate with this domain in the Port field. This is optional. If left empty, the default HTTPS port (443) will be used.
Choose your client certificate file in the CRT file field. Currently, Postman only supports the CRT format. Support for other formats (like PFX) will come soon.
Choose your client certificate key file in the KEY file field.
If you used a passphrase while generating the client certificate, you’ll need to supply the passphrase in the Passphrase field. Otherwise, leave it blank.
Once your certificate is added, it should appear in the client certificates list.
NOTE: You should not have multiple certificates set for the same domain. If you have multiple ones set, only the last one added will be used.
You do not have to perform any extra steps to use a client certificate if it has been added. If you make a request to a configured domain, the certificate will automatically be sent with the request, provided you make the request over HTTPS.
You can verify this. To do so, open up your Postman console (CMD/CTRL + ALT + C). You can read more about the Postman Console. A new window will open up.
Now, send a request to
https://postman-echo.com/get. Keep the Postman Console open if Postman version is lower than
v7.10. Notice we’re using
https to make sure the certificate is sent. Once the response arrives, switch over to the Postman console to see your request. If you expand your request, you will be able to see which certificate was sent along with the request.
To remove a certificate, use the Remove link next to the certificate under the Certificates tab in the Settings.
You cannot edit a certificate after it has been created. To make changes to it, you will need to remove the certificate and create a new one.
Let's Encrypt SSL certificates renew automatically—you do not need to carry out any manual steps. When a certificate is generated it has a 90 day expiry date and will renew seven days before it expires
Postman will indicate certificate information in the Network response pop-up for any HTTPS requests you send, including warnings and errors such as self-signed and expired certificates.
You can also see certificate info in the console.
If certificate verification fails, Postman will display an error message.
You will see the error in the response area if you have SSL verification turned on. Disable SSL Verification to disable the setting globally and rerun the request.
If you have SSL verification switched off either globally or for the individual request, you will see the detail of any errors or warnings in the response Network information.
You can find more information about failed certification in the console.
You can toggle SSL verification on and off by default in the Postman Settings (wrench icon at the top right) or for a specific request in the Settings tab.