Postman Reports Certificate Expired for Sectigo Chains

[dcatcendyn]

Describe the bug
Certificates signed by Sectigo and trusted through USERTrust are reporting the error "Error: certificate has expired". This is related to https://www.namecheap.com/blog/sectigo-ssl-certificate-root-expiration-issue

In this case the operating system and browser select the correct chain but Postman appears to have its own chain validation and incorrectly fails on the first chain that expires.

To Reproduce
Steps to reproduce the behavior:

1. Go to HTTPS URL signed by Sectigo / USERTrust Chain - I can provide a URL for testing but did not want it public
2. Simply make a GET request
3. See error

Expected behavior
Trust Sectigo Chains Signed by USERTrust without having to bypass certificate verification.

Screenshots

App information (please complete the following information):

• Postman MacOS and Windows
• Postman Versions 7.25.1 & 7.25.2 (only ones tested)
• OS: [e.g. MacOS 10.15.5, Windows 10]

Additional context
Very simple, just make an HTTPS call to any HTTPS site protected by Sectigo/USERTrust

[codenirvana]

@dcatpegs can you share a testing endpoint with us on help@getpostman.com?

[MukeshMM]

i am also getting same issue after updating postman

[codenirvana]

We are investigating this issue till then anyone who's facing this issue please disable the "SSL certificate verification" setting to unblock yourself.

[giorod3]

that workaround worked well thank you!

[harryi3t]

@dcatpegs @MukeshMM @giorod3
We have identified the issue and have pushed a fix on our canary channel which can be downloaded from https://www.getpostman.com/downloads/canary

We will be pushing the fix on the stable channel soon.

[dcatcendyn]

Thanks! I have tested Canary and it was successful. I will test stable when its released.

[numaanashraf]

We've released v7.25.3 on stable which includes a fix for this.

[felipeabou]

I am facing this issue right now. Postman says the SLL certificate is expired, but it's not:

[dcatcendyn]

@felipeabou - Your issuer R3 is "Let's Encrypt" which had a root expiration this week I believe. I'm thinking Postman may have its own cert store or your OS cert store is dated and has an expired root. But I'd open a new ticket on this as this was has been closed for over a year.

[bratanon]

Same issue for we aswell now. With R3.

[lboix]

@felipeabou @dcatpegs @bratanon this is likely related to this article : https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

We have some developers having issues too since this morning : they are using Postman to hit our APIs (we use Let's Encrypt to issue their SSL certificates) and getting this same message "SSL Error: Certificate has expired" for each hit.

We are using the workaround to disable “SSL certificate verification” for now.

(I am using MacOs 11.6 and Postman 9.0.3)

[deyvisPedrosa]

The same for me after updating Postman to version 9.0.3 this morning.

[bratanon]

Using the app from snap.

Postman for Linux
Version 9.0.4

[adamsommer]

I'm having the same issue today as well. I had the issue BEFORE upgrading to 9.0.3 and the issue persists AFTER upgrading to 9.0.3

This is still a problem

[numaanashraf]

We are investigating this and further updates will be posted on #10338