client certificate not sent by postman

Question

Can anyone shet some light on how I can debug the matching of certificates configured in Postman?

Problem: I’m trying to connect to a REST service using a SSL client certificate. I configured it in the settings tab the same way as in set-and-view-ssl-certificates-with-postman

When checking the console I don’t see the certificate being sent and get failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40

Context:

Postman v 6.4.2 running on windows 10

(for security reasons some information below replaced by dummy info)

Using the same certificate/key/password I can setup a connection using openssl. (checked for validity of certificates, TSL v1.1 and v1.2 supported, no SNI issues) The server certificate is signed by a trusted CA (I tested with both --SSL certificate verification-- on and off ) In the Postman console I dont see the certifciate being sent.

---- [console output] ----

GET https://somehost:443/somepath?someparameter=9076443&somedate=2017-02-17T00:00:00.000

Error: write EPROTO 101057795:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40 101057795:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:659:



    Request Headers:
        appid:“42”
        cache-control:“no-cache”
        ipaddress:“192.68.1.1”
        postman-token:“some-token”
        role:“Applicatie”
        userid:“6x9”

---- [end console output] ----

image of certificate configuration

I matched, matched and rematched the hostname

A search on the interweb did not learn me anything I did not try yet…

Questions

Is there any debug option that will show the way the certificates are matched
is there any way I can force postman to pick a configured certificate
any other ideas on how to proceed on this problem

any help appreciated

Additional info

Monitoring with wireshark shows no certificate is sent. (Postman console did not show a certificate being sent. I assume from examples that it will log which certificates it will/does send for a given request)

snippet wireshark output

Postman app in chrome it does work from chrome, using the chrome keystore Using the pk12 form of the same key (original postman request uses the .cer form) imported into the chrome keystore, the requests work.

Chrome app will not do

Obvious question is: “why not keep using the chrome app” because its depricated and we use the newer 6.x test functions not supported in version 5.x

Question posted on Postman help forum with no answer about a week ago: OP on postman helpforum

Additional additional info

It works on newman

Answer 1

I had same issue when I typed path to CRT and KEY files instead of using file dialog. Just click Choose File button instead of pasting file path when adding certificate.