How to add a client side pkcs12 certificate to Postman Chrome, W7 ?

java android google-chrome ssl postman

40,610

Solution 1

I was having a similar issue and just got it working. My private key and cert were stored in a .pem file, so I first needed to put them in to a format that Windows would use. I did that with the following command:

openssl pkcs12 -inkey mycertandkey.pem -in mycert.crt -export -out mycertandkey.pfx

I did this in linux but it should work in Windows as well, if you have openssl installed.

Run certmgr.msc in Windows. Right-click the 'Personal' folder and select 'All tasks' -> 'Import...' and choose the .pfx file. Enter the passphrase and import it in to the 'Personal' folder.

Once that's done, you'll need to close your running Chrome windows. Then open Postman in a new window. When you attempt to connect to the URL, this time it should ask to confirm the use of the client cert. Once confirmed, you should be able to make calls to the URL from then on.

Solution 2

I'm using a Mac, but its probably similar for you. If you can use CURL on your PC, see if you can get it to work with CURL first:

curl --insecure --cert-type P12 --cert /path-to/your-file.p12:the-password https://your-host.com/endpoint

Postman Settings:

Postman->preferences->General
SSL certificate verification OFF

Postman Certs:

Postman->preferences->Certificates
Client Certificates:


Host yourhost.com
CRT file
Key file
PFX file  /path-to-file/CertificateFile.p12  
Passphrase your-file-password

40,610

Author by

Poutrathor

Updated on July 09, 2022

Comments

Poutrathor almost 2 years

I try to test a 'strange' GET request where I have to provide a BASIC authentication and a client side certificate.

I try to check it with Postman Chrome but I did not understand how to link the certificate from chrome personal certificate to my request.

I saw this discussion : https://github.com/a85/POSTMan-Chrome-Extension/issues/482 but it is about MAC keystore and I can't transpose is to W7/Chrome.

Here is my java code set up that should do the same job as postman to help you understand what I want postman to do. We use that post to write it

        InputStream is = context.getResources().getAssets().open("CertificateFile.p12");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        BufferedInputStream bis = new BufferedInputStream(is);
        String password ="xxxxx";
        keyStore.load(bis, password.toCharArray()); // password is the PKCS#12 password. If there is no password, just pass null
        // Init SSL Context
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(keyStore, password.toCharArray());
        KeyManager[] keyManagers = kmf.getKeyManagers();
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, null, null);
        HttpsURLConnection urlConnection = null; 
        String strURL = "theUrlITryToHit";
        url = new URL(strURL);
        urlConnection = (HttpsURLConnection) url.openConnection();
        if(urlConnection instanceof HttpsURLConnection) {
            ((HttpsURLConnection)urlConnection)
            .setSSLSocketFactory(sslContext.getSocketFactory());
        }
        urlConnection.setRequestMethod("GET");
        String basicAuth = "Basic " + Base64.encodeToString("pseudo:password".getBytes(), Base64.NO_WRAP);
        urlConnection.setRequestProperty ("Authorization", basicAuth);

Poutrathor about 9 years

I will try that (even if I don't need it anymore). Thank you
jakejgordon about 8 years

I had an issue where I want to call a service that required a client certificate. Postman correctly prompted me to pick a client certificate to send, but I didn't have it imported into my Personal folder. After importing it I couldn't get Postman to re-prompt me for the certificate. I had to not only close Chrome and postman, but I had to kill all of the Chrome.exe processes that were still running. Then when I opened Postman again and called the service it prompted me and I was able to pick the correct cert.
Pierluigi Vernetto over 4 years

on a MAC it should work, but only because curl for Mac supports p12 ... on other platforms you have to use .pem - I think it's due to the specific build and the security libraries used (netscape vs others)
Seyed Morteza Mousavi over 3 years

Worked on Ubuntu.
Saion Chatterjee about 3 years

Why would you turn OFF the postman setting SSL cert verification? I guess with this turned off, postman would not even attempt to send the client certificate to the server. Thus it won't work as it should.