postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

Ability to use Client Certs Programmatically #4753

Open ryanharmaning opened 6 years ago

ryanharmaning commented 6 years ago

Currently, use of Client Certs in Postman requires manually saving and pointing to a physical file accessible to the local system.

For APIs that use Cert-based auth (where certs are generated repeatedly) and in which subsequent API calls are dependent, this is a slow, manual process that also prevents any sort of automation for test suites that require these constantly changing certs.

Propose a method whereby .key and .crt values set as Postman Environment Variables could be passed as valid certs like when using the Settings\Certificates method. This would remove the need to repeatedly create .crt and .key files manually and point to them in Settings/Certificates. Additionally, it would presumably allow creation of automated test suites where new certs are generated, used, then discarded for each run.

mrsi commented 6 years ago

Also looking to be able to do this. We would like to test an automated method of issuing and later on using client SSL certificates.

jtonic commented 3 years ago

I found this very important. When working with almost tens of collections it is quite tedious to set up (again) the certificates whenever they are changed. Scripts which could be run on different execution lifecycle steps would simplify the work a LOT.

Is there any intention to implement this?

Thanks.

hbertsch commented 3 years ago

Hey guys,

I too find this VERY important, since our tests require unique client certificates for each client we test. The client certificate is then used against a variety of different host names per stage (total number = stages x hostnames). So we have to type our hands bloody by manually adding client certificates that could be extracted from the payload for like 20 host names... This is killing me. Also, this is super error-prone.

So what we do is to switch from Postman to CURL or Python Requests in these cases, since the disadvantage of setting client certificates manually weighs more than the advantages of Postman.

hbertsch commented 2 years ago

@postman-support any update on this request? We are in constant pain to remove and add individual client certificates manually. We really would love to be able to set them via script, so that we can test different clients on the same host name.

SathishKumarRamasamy commented 2 years ago

+1

xaviergm commented 2 years ago

Hi @a85 This has been opened for 3.5 years now... I added this to the forums today:

But was told to create a feature request here instead. Then, I found this was already open but not moving. I decided to comment on this one to try and resurface it. I may open a new one as well if this does not work in the next days.

This is a really important and beneficial enhancement. And other tools (e.g. Advanced Rest Client by MuleSoft) have solved it already:

image

dominik68 commented 2 years ago

Postman is not usable for mutual TLS use cases, where a client certificate is required. Usually, you would have different clients using client-specific certificates, but the same hostname / API. Postman configuration only supports one client cert for one hostname; it is completely out of touch with reality. So we will continue using cURL. Postman support pointed me to this feature request, which is nearly 4 years old. Not sure they meant it seriously.

charbel-z commented 2 years ago

+1

ghost commented 2 years ago

I came here hoping for at least a discussion on the topic. Radio silence from the dev team for 4 years is pretty disheartening. This is obviously a very real problem for many of us, sad to see no action whatsoever on it.

giridharvc7 commented 2 years ago

@jaredcollier @hbertsch @ryanharmaning folks, I'd love to understand this problem you are facing a bit deeper. If it's okay for you, can we have a call? You can use this to schedule a meeting with me.

sathyarajagopal commented 2 years ago

+1 @giridharvc7 Please include me as well in the meeting if there is one planned. We need this feature too.

giridharvc7 commented 2 years ago

Feel free to book a slot using the link above @SathishKumarRamasamy

jlindblom-godaddy commented 2 years ago

👍🏼 +1. At work we have different certs for different service clients that all use the same host for generating JWTs. Need to be able to select a specific cert for a request.

sulthompson commented 2 years ago

+1 as per others the need to authenticate to a single site with multiple certificates is a common need for my team. If there was some way to at least store multiple client certs for the same domain and then select the active one that would help. Now every time we switch authentication certificate we need to replace the certificate in settings.

ejvk commented 1 year ago

+1 - yes please!

hemashrij commented 1 year ago

We require this feature. Waiting for it for a long time. Thank you

duyn9uyen commented 1 year ago

Yes we need this too for all the reasons already mentioned.

davidgilling-bentley commented 1 year ago

I would also love for this feature to be added for the same reasons mentioned above. It is a major pain having to constantly mess around with the certs.

parhedberg commented 6 months ago

+1 here!

tvio commented 6 months ago

We have a lot of applications on the same host, each with a different type of client certificate.

sundarpn commented 6 months ago

Looks like the dev team / product manager has practically ignored this request(s).

n8mabl commented 5 months ago

This would be a useful addition for my current line of work so updooting 🖖

xaviergm commented 5 months ago

Almost 6 years since this was first opened... we should throw an anniversary party for this request in June...

sengupto commented 5 months ago

⬆️ let's have this feature in 2024 ⬆️

SeBastelstunde commented 2 months ago

@a85 @giridharvc7 @shubhbhargav - could you guys give an update regarding this feature? Are there any plans or impediments for this?

Is there any other tool that could replace postman that has this functionality already?

ramy-oubeid commented 1 month ago

There is a workaround if you are running your collection with newman: you can read the client certificate from an external file. This is best practice for secret management rather than storing it in Postman. So there is no point in fixing this issue.

```js
const newman = require('newman'); // require Newman in your project

newman.run({
    collection: require('/Users/cloud/Documents/sample.json'), // load your Postman collection JSON file
    environment: require('/Users/cloud/Documents/env.json'), // load your Postman environment JSON file
    insecure: true, // disable strict SSL: the server certificate is not verified
    // Newman takes the certificate and key as file paths and reads the files itself
    sslClientCert: '/Users/cloud/Documents/certs/test.crt', // path to the client certificate
    sslClientKey: '/Users/cloud/Documents/certs/test.key', // path to the client key
    sslClientPassphrase: 'your_passphrase_here', // include your passphrase here
    reporters: 'htmlextra', // use the htmlextra reporter
    reporter: {
        htmlextra: {
            export: '/Users/cloud/Documents/report', // specify the output directory for the report
            darkTheme: true, // optional, tells the reporter to use the Dark Theme template
            title: 'My new report title' // optional, specify the title for the report
        }
    }
}, function (err) {
    if (err) { throw err; }
    console.log('collection run complete!');
});
```
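
An added example, not code from this thread or from the Postman or Newman projects: one way to apply the Newman workaround above when every client has its own certificate for the same host and the PEM text arrives as a string (for instance from an earlier API response). The helper names and the `clients` shape are hypothetical; it assumes Newman's `sslClientCert` and `sslClientKey` options take file paths, and a POSIX filesystem for the permission bits.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Write one client's PEM certificate and key into a fresh private directory.
// mkdtemp creates the directory 0700; the files are created 0600, and the
// 'wx' flag fails instead of following or overwriting an existing file.
function materializeClientCert(certPem, keyPem) {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'mtls-'));
    const certPath = path.join(dir, 'client.crt');
    const keyPath = path.join(dir, 'client.key');
    fs.writeFileSync(certPath, certPem, { mode: 0o600, flag: 'wx' });
    fs.writeFileSync(keyPath, keyPem, { mode: 0o600, flag: 'wx' });
    const cleanup = () => fs.rmSync(dir, { recursive: true, force: true });
    return { certPath, keyPath, cleanup };
}

// Build newman.run() options for one client. `insecure` is deliberately left
// out so the server certificate is still verified.
function buildRunOptions(collection, files, passphrase) {
    const options = {
        collection,
        sslClientCert: files.certPath,
        sslClientKey: files.keyPath
    };
    if (passphrase) { options.sslClientPassphrase = passphrase; }
    return options;
}

// Run the same collection once per client, sequentially, against the same host.
// clients: [{ name, certPem, keyPem, passphrase }] (shape assumed for this example).
// Resolves to { clientName: numberOfFailures }.
async function runAsEachClient(collection, clients) {
    const newman = require('newman'); // loaded here so the helpers work without it
    const failures = {};
    for (const client of clients) {
        const files = materializeClientCert(client.certPem, client.keyPem);
        try {
            const summary = await new Promise((resolve, reject) => {
                newman.run(buildRunOptions(collection, files, client.passphrase),
                    (err, result) => (err ? reject(err) : resolve(result)));
            });
            failures[client.name] = summary.run.failures.length;
        } finally {
            files.cleanup(); // key material never outlives the run
        }
    }
    return failures;
}
```

Running the clients one after another keeps each run's certificate isolated, and the `finally` block removes the key file even when a run throws.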