This post is applicable to the Postman Chrome app only. If you're using the Mac app, head to for details on ignoring SSL errors. Self-signed certificates are often used in testing and development environments to provide a layer of security for an API. As they are not verified by a trusted authority, accessing an API endpoint with something like through the Postman Chrome App, would throw up an error like this: With the legacy app, you could go to the root URL in Chrome and allow the browser to access URLs with self-signed certificates. But this doesn't work with the new packaged app.
If you try to hit a URL with a self-signed SSL certificate, you would get a 500 error as Chrome would decline the certificate: Turns out that there is a better solution to solve this a problem, and it also avoids adding an exception to Chrome every time you start the browser. This is how you do it:. Go to the root URL in your browser. Click on the lock icon on the top left in the URL bar. Open the Connection tab in the dropdown that comes up. Click on certificate information The dialog that comes up now depends on the operating system you are on. Chrome uses the underlying OS layer to handle SSL certificates.
Mac OS X. In the dialog that comes up, click 'View Certificate', and drag the certificate icon to your desktop to create a.cer file. Double click on the file to open the OS X Keychain Access tool.
Getting Chrome to accept self-signed localhost certificate. To allow the self signed certificates to be FULLY trusted in Chrome and Safari, you need to import a new certificate authority into your Mac. (x86) Google Chrome Application chrome.exe' --ignore-certificate-errors – mik-t Jul 15 '13 at 13:52. @jww Please do not flag.
Add the certificate to the System keychain and select 'Always trust'. Once the certificate is added, double click it to open more details. Expand the Trust item.
Select 'Always trust'. Close Keychain Access and restart Chrome Windows. In the certificates window, go to the Details tab 2.
Select Copy to File 3. Save the certificate file on your disk.
Close the certificate window. Go to Chrome Settings, search for SSL (chrome://settings/search#ssl) and click on Manage certificates 5. Go to the Trusted Root Certification Authorities tab and click on import 6. Select the file you saved on your disk in step 3. Close this window and restart Chrome. Linux. Go to the Details tab 2.
Select Export and save the file on your disk 3. Go to Chrome Settings, search for SSL (chrome://settings/search#ssl) and click on Manage certificates 4. Go into the Authorities tab 5.
Import the certificate 6. Restart Chrome You should be able to fire requests to the endpoints validated by this certificate. The SSL warning will not show up in Chrome even if you restart the browser. Do make sure that you have verified the IP where the certificate comes from.
This should only be done for verified IP addresses. This method also works for certificates for localhost. Make sure that the common name of the certificate while generating the certificate is localhost.
Let me know in the comments if you face any problems with this.
Over the weekend, some customers using Macs may have started seeing expired or invalid certificate warnings when trying to use Sprout Social. This is a problem caused by an expired intermediate certificate issued by DigiCert, the company that Sprout Social and many other websites use to get SSL certificates. This is not an issue with. We take extra steps to ensure that our SSL certificates do not expire to provide all customers with a secure user experience. Unfortunately, some Macs kept this expired certificate and stored it in their Keychain Access app.
For now, the fix requires manually removing the expired certificate from your machine. Click the magnifying glass in the upper-right hand corner of your screen and type “Keychain Access” and hit Return. Click “View” in the menu bar at the top of your screen and select “Show Expired Certificates.”. Use the search bar in the upper-right of the Keychain Access window and look for “digicert high.”. Find the entry named “DigiCert High Assurance EV Root CA” that expired on July 26, 2014. Right click that entry and select “Delete ‘DigiCert High Assurance EV Root CA’.”.
Quit the Keychain Access app, restart your browser, and you should be set!