75

I have my brand new .NET Core service with API and I want to get list of items inside it. It's hosted on localhost and I always have this error:

16 ms
Warning: Unable to verify the first certificate
Network
Request Headers
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: e64e10c3-8e3a-4b47-9427-d994e2bdc9fd
Host: localhost:44397
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Request Body
Response Headers
Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 19 Ja

n 2021 14:06:14 GMT
Response Body

How to fix it? I disabled/enabled SSL certification but it no helps.

Improve this question
6
  • 1
    forums.ivanti.com/s/article/…
    – Roman Ryzhiy
    Commented Jan 19, 2021 at 14:16
  • @RomanRyzhiy i tried both options but i can't understand option I, just don't understand how to export certificate, i don't have anything mentioned in instruction in that mmc.exe
    – Obyi
    Commented Jan 19, 2021 at 14:28
  • I have suddenly started to get this on my local machine too. In my case all of the settings in the answer below are turned off.
    – Username_null
    Commented Apr 9, 2021 at 8:43
  • Same issue during development localhost https .net.
    – AliK
    Commented May 4, 2021 at 23:41
  • Solved! Postman Version 9.14.6 pops up to disable SSL. On disabling Working fine
    – Muhammad Saad
    Commented Feb 28, 2022 at 4:57

10 Answers 10

Reset to default
70

There are 3 places to disable ssl verification:

  1. Request level: make sure it is off

enter image description here

  1. Global level: (Request level will have precedence)

enter image description here

  1. Remove client and CA certificate, turn it to off :

enter image description here

Improve this answer
6
  • 40
    Everywhere you pointed i have turned off SSL certificate and error still showing up, i don't understand why people giving -1 when somebody have uncommon issue.
    – Obyi
    Commented Jan 20, 2021 at 6:09
  • 2
    ANy luck, even iam also facing the same issue. even after turn off the ssl certificate
    – Vinoth
    Commented Mar 14, 2021 at 4:38
  • Is there a example website that you can reproduce this issue
    – PDHide
    Commented Mar 14, 2021 at 11:21
  • I completed all 3 of these and am still getting the same error
    – John
    Commented Mar 13 at 16:37
  • 1
    I have the same issue even after following the 3 steps
    – DennisL
    Commented Apr 10 at 1:36
6

May be you forgotten to add this lines into Program.cs,

app.UseAuthentication();
app.UseAuthorization();
Improve this answer
1
  • This fixed my problem. And also got rid of my missing aud claim error.
    – Ken Hadden
    Commented Aug 9, 2022 at 3:01
1

First, your OS (Windows, Mac, Linux) must trust this certificate.

Then, in Postman, go to Settings > Certificates, and enable CA certification, then select the same trusted certificate.

Improve this answer
1

I had the same issue with the Postman unable to verify the first certificate. The same localhost endpoint worked within a browser, but not in Postman while running in debug in VS. In my case re-installing IIS Express fixed the problem.

Improve this answer
1

upload the root ca of the certificate issuer in postman and it will work

Improve this answer
2
  • 5
    Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Jul 8, 2022 at 0:14
  • 1
    I has this issue with R3 (Let's Encrypt) certificate. To solve that, go to Settings -> Certificates -> CA Certificates and add the Root CA file. In my case it was ca.cer. Despite asking for a .pem file, I just sent the ca.cer file and it worked fine.
    – MMJ
    Commented Dec 22, 2022 at 20:33
0

I solved the issue for me by recognizing, that my CA certificate file ending on .cer actually was not in Base64 format, but in DER binary format. Exporting it again in the right format worked. Nevertheless, it's pretty disturbing, that Postman accepts a file with the wrong format without complaining...

Improve this answer
0

keep in mind ! this order might be an issue this will impact directly .

in program.cs file .....

app.UseAuthentication(); //first line should be

app.UseAuthorization(); //second line should be

correct order is above.

Improve this answer
1
  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Oct 14, 2023 at 12:33
0

For me the issue was that my controller was annotated with a router template [Route("api/[controller]")] but my endpoints were not. Adding endpoint annotations worked:

[HttpGet("get")]
public string Get()
{
    return "get";
}
Improve this answer
1
  • At the very least, I believe HttpGet("get")] is missing a [. /shrug
    – ruffin
    Commented Jun 6, 2023 at 13:30
0

In my case, I went to Settings > Certificates > enable CA certificates, then Select File and selected our bundle.crt file (not a PEM file) and it worked.

Improve this answer
0

Remove the whitespace at the end of the url.

This was the cause in my case and it took me hours to notice because I copy/paste the same url over and over again.

Why? I have no idea.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.