I am trying to test a 'strange' GET request where I have to provide BASIC authentication and a client-side certificate.
I tried to check it with Postman Chrome but I did not understand how to link the certificate from Chrome's personal certificates to my request.
I saw this discussion: https://github.com/a85/POSTMan-Chrome-Extension/issues/482 but it is about the Mac keystore and I can't transpose it to W7/Chrome.
Here is my Java code setup that should do the same job as Postman, to help you understand what I want Postman to do. We use that post to write it

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import android.util.Base64;

// Load the client certificate and private key from the PKCS#12 asset
InputStream is = context.getResources().getAssets().open("CertificateFile.p12");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
BufferedInputStream bis = new BufferedInputStream(is);
String password = "xxxxx";
keyStore.load(bis, password.toCharArray()); // password is the PKCS#12 password. If there is no password, just pass null

// Init SSL context with the client key; null trust managers means the platform defaults are used
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = kmf.getKeyManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, null, null);

// Open the connection and present the client certificate during the TLS handshake
String strURL = "theUrlITryToHit";
URL url = new URL(strURL);
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
urlConnection.setRequestMethod("GET");

// Add the BASIC authentication header
String basicAuth = "Basic " + Base64.encodeToString("pseudo:password".getBytes(), Base64.NO_WRAP);
urlConnection.setRequestProperty("Authorization", basicAuth);
```

Import a .p12 file:
Start Chrome. From the control menu, which is near the right of the address bar, click Settings > Show advanced settings. In the HTTPS/SSL section, click Manage Certificates. On the Trusted Root Certification Authorities tab, click Import > Next.

Go to Settings > Certificates and add the correct client certificate file (PEM for CA certificates, CRT, KEY, or PFX for self-signed certificates). You can check for certificate data being used from the Network response pop-up or the console as explained here.

I'm using a Mac, but it's probably similar for you. If you can use CURL on your PC, see if you can get it to work with CURL first:

```sh
curl --insecure --cert-type P12 --cert /path-to/your-file.p12:the-password https://your-host.com/endpoint
```

Postman Settings:
Postman->preferences->General
    SSL certificate verification: OFF

Postman Certs:
Postman->preferences->Certificates
    Client Certificates:
        Host: yourhost.com
        CRT file:
        Key file:
        PFX file: /path-to-file/CertificateFile.p12
        Passphrase: your-file-password

I was having a similar issue and just got it working. My private key and cert were stored in a .pem file, so I first needed to put them into a format that Windows would use. I did that with the following command:

```sh
openssl pkcs12 -inkey mycertandkey.pem -in mycert.crt -export -out mycertandkey.pfx
```

I did this in Linux but it should work in Windows as well, if you have openssl installed.
Run certmgr.msc in Windows. Right-click the 'Personal' folder and select 'All tasks' -> 'Import...' and choose the .pfx file. Enter the passphrase and import it into the 'Personal' folder.
Once that's done, you'll need to close your running Chrome windows. Then open Postman in a new window. When you attempt to connect to the URL, this time it should ask to confirm the use of the client cert. Once confirmed, you should be able to make calls to the URL from then on.
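
A pre-import check for the PEM-to-PFX conversion in the answer above, as an added example that is not part of the original answers. It goes a little beyond the single `openssl pkcs12` command: it confirms the key belongs to the certificate, keeps the passphrase out of the command line, and reopens the bundle before it is imported. The function names and the `PFX_PASS` variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example. File names and the PFX_PASS variable are placeholders chosen
# here; they do not come from the answers above.

# key_matches_cert KEY.pem CERT.crt
# Returns 0 only when the private key belongs to the certificate.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# make_pfx KEY.pem CERT.crt OUT.pfx
# Reads the passphrase from $PFX_PASS (set it with a silent prompt, e.g.
# `read -rs PFX_PASS` in bash) so it never shows up in the process list.
make_pfx() {
    [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    (
        umask 077   # the bundle holds a private key: owner-only permissions
        PFX_PASS="$PFX_PASS" openssl pkcs12 -export \
            -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS
    )
}

# pfx_subject FILE.pfx
# Opens the bundle with $PFX_PASS and prints the subject of the certificate in
# it; fails when the passphrase is wrong or the file is damaged.
pfx_subject() {
    PFX_PASS="${PFX_PASS:-}" openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -subject
}

# make_sample_pair DIR NAME
# Constructed test material: a throwaway self-signed key and certificate.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key.pem" -out "$1/$2.crt" 2>/dev/null
}
```

With real files, source the script and run `make_pfx mycertandkey.pem mycert.crt mycertandkey.pfx && pfx_subject mycertandkey.pfx`, then import the .pfx into the 'Personal' folder as described above.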