How to Set Up Postman to Make Mutual TLS API Calls
If you are planning to use Postman for testing the API, you will need to make the following changes to support Mutual TLS.
General Postman Settings
Open the general settings panel by clicking the wrench icon in the upper left corner
Under the General tab turn off SSL certificate verification
Switch to the Certificates tab and add the development certificate with the following settings:
- Host: primelocal
- Port: 9443
- CRT File: config/tls/devlocal-mtls.cer
- KEY File: config/tls/devlocal-mtls.key
Postman Environment settings
You will need to configure the base URL for development or whichever other environment you plan to connect to. Click on the gear icon near the environment pull down in the upper right of the application.
This will open the Manage Environments dialog. Select Add in the lower right corner.
Fill in the following details in the add new dialog and click Add:
- Variable: baseUrl
- Initial Value: https://primelocal:9443/prime/v1
- Current Value: https://primelocal:9443/prime/v1
Once you have added this environment and closed the dialog, select the new environment from the pull down.
Troubleshooting Postman
ECONNREFUSED error in Postman
If you see an error that looks like the following, Postman cannot connect to your server.
Solution: Make sure your server is running with make server_run.
Unauthorized
If the endpoint returns Unauthorized, this could mean that your DB was unpopulated and the server was unable to find your authorization.
The authorization for the devlocal certificates is stored in the milmove database, so your database may not contain the authorization. One common reason is that you have an old or empty database.
Solution: Make sure you have an up-to-date and populated DB by running make db_dev_e2e_populate.
Socket hang up / TLS handshake error
If you see an error that says socket hang up, the server hung up on Postman, likely due to authentication.
This could be a certificate-related issue. Check your server log in the terminal. Do you see a TLS handshake error?
2021-01-29T02:20:25.902Z ERROR http/server.go:3093 http: TLS handshake error from 127.0.0.1:61467: tls: client didn't provide a certificate
If so, this means Postman did not send your certificates successfully to the server when making the request, OR the server did not send the correct cert back.
Solution: Make sure you have your devlocal-mtls.cer and devlocal-mtls.key set up as described above in General Postman Settings. This ensures you are sending the correct cert.
If you are using devlocal, the server does not send a correct certificate back. Check that you have SSL certificate verification set to off in the Settings; this ensures you are not trying to verify that certificate.
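To tell a Postman configuration problem apart from a server-side one, the same mutual TLS request can be made from the terminal. The script below is an added example, not part of the project: it assumes curl and openssl are installed, that both certificate files are PEM-encoded, and the function names and the `probe` argument are made up for illustration.

```shell
#!/bin/sh
# Added example, not project code: reproduce the Postman mTLS request with curl.
# Defaults are the values on this page; both files are assumed to be PEM-encoded.
BASE_URL="${BASE_URL:-https://primelocal:9443/prime/v1}"
CERT="${CERT:-config/tls/devlocal-mtls.cer}"
KEY="${KEY:-config/tls/devlocal-mtls.key}"

# Return 0 only if the certificate ($1) and private key ($2) carry the same
# public key. A mismatched pair cannot complete client authentication.
mtls_pair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Send one request with the client certificate. --insecure mirrors turning off
# "SSL certificate verification" in Postman. $1 is an optional endpoint path.
mtls_probe() {
  status=$(curl --silent --insecure --cert "$CERT" --key "$KEY" \
    --output /dev/null --write-out '%{http_code}' "$BASE_URL${1:-}")
  rc=$?
  case "$rc:$status" in
    7:*)   echo "could not connect: is the server running (make server_run)?" ;;
    0:401) echo "HTTP 401 Unauthorized: repopulate with make db_dev_e2e_populate" ;;
    0:*)   echo "HTTP $status: TLS handshake completed" ;;
    *)     echo "curl exit $rc: look for a TLS handshake error in the server log" ;;
  esac
  return "$rc"
}

# Usage (hypothetical file name): sh mtls_check.sh probe [/endpoint/path]
if [ "${1:-}" = "probe" ]; then
  mtls_pair_matches "$CERT" "$KEY" || { echo "cert and key do not match" >&2; exit 1; }
  mtls_probe "${2:-}"
fi
```

If the curl request succeeds while Postman still fails, the problem is in the Postman Certificates or SSL verification settings rather than on the server.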