Postman SSL Verification Failing

Question

We've deployed a Windows 2016 Web Server that is hosting a mobile app, and have configured routes through our F5. The F5 iApp is currently configured to use SSL Bridging using a wildcard certificate - which we can verify is good by using any browser to navigate to our application and see a "good" certificate. We're using Postman to check our login process which when working returns a token; however, when we enable SSL Verification in Postman, it returns an error as if the certificate is self-signed (which we know is not true as it was purchased from a trusted CA). When we circumvent the F5, Postman's SSL Verification is successful. What are we missing?

kevin_stewart · Answer

It may be that, according to this: https://github.com/postmanlabs/postman-app-support/issues/3152, Postman doesn't contain the necessary CAs in its trust store to validate your server cert.&nbsp;

svs · Answer

Hi,&nbsp;
your description is confusing, because you say, that have configured the VS to do SSL Bridging, what means, that the SSL Hanshake is not terminated on the BIG-IP. This would mean, that the BIG-IP is only terminating the connection up to Layer 4 (TCP). In this case the Pool Member/Node (Backend Server) is handling the SSL Handshake and provide the certificate (chain).&nbsp;
I assume that you have configured the BIG-IP to handle the SSL Handshake as well, by assigning SSL Client (and Server) profiles. In this case please check if the certificate chain is fully configured in the SSL client profile. You need to select the intermediate certificate as chain certificate within the certificate selection option. If there are more than one intermediate certificate, you need to create a chain file, containing all the intermediates (use the Bundle Manager).&nbsp;
Now to your issue regarding Postman. I've seen many times, that customers have imported the intermediate certificates into the users certificate store. In this case the configuration on the server is still wrong, but the client wouldn't see any issue, because the chain certificates are in the certificate store and the chain can be fully resolved. I thought that Postman would use the users certificate store as well, so this is confusing. Do you connect using a name or IP address, that is matching the certificates CN or any of the SANs?&nbsp;
Cheers, svs&nbsp;

isabella357_373 · Answer

Hi, I am facing the same issue, how did you actually solve it?&nbsp;

alfa_is_267676 · Answer

In the iApp, we are using SSL bridging ("Terminate SSL from clients, re-encrypt to servers") which gives us the option for assigning an intermediate certificate (3 drop downs - cert, key, and intermediate). When we posted our question, we were not using the intermediate option (it was set to "Do not use..."). Once we added the CA's intermediate, the issue was resolved.&nbsp;
Hope this helps!&nbsp;

Forum Discussion

Postman SSL Verification Failing

4 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

postman collection

SSL Bridging verification

iControlREST Auth Token and Transaction Example (Postman)

Google Authenticator Token Verification iRule For APM

Error: read ECONNRESET error while using Postman for API calls after change to irule