
Use system CA certificates and/or allow specifying additional CA certificates

Open brki opened this issue 1 year ago • 3 comments

On a Mac, I try to access a resource that uses a custom CA certificate; it fails with:

Error invoking remote method 'send-http-request': Error: self signed certificate in certificate chain

I already have that CA certificate in my keychain, so I can access corporate websites that use that CA certificate in a browser.

I am aware of the possibility to disable SSL verification, but don't like that idea. And neither do the security guys where I work.

I saw the issues https://github.com/usebruno/bruno/issues/739 and https://github.com/usebruno/bruno/issues/211, which have a similar title and intention, but those people were satisfied when they discovered they could uncheck the SSL/TLS Certificate Validation checkbox.

Ideally, bruno would use the system CA certificates.

Insomnia has the same issue of not using the system certificates, but it allows specifying a CA certificate file to use. A solution like that would work for me too.

Is there by chance already some environment variable that I could use when launching bruno, so that it would look in a given file for certificates? In https://github.com/usebruno/bruno/issues/739, NODE_EXTRA_CA_CERTS was mentioned (didn't work, apparently).

And thanks for bruno!

brki, Nov 28 '23 15:11

I see it's possible to specify a custom CA certificate now 😎.

Thank you!

For ease of use, having the system CA certificates used would still be an improvement.

brki, Jan 31 '24 14:01

First, let me express my satisfaction with this tool. Bruno is a valuable tool! Thanks for creating and maintaining it!

I use custom CA certificates for some calls, too. I figured that I can also provide one file containing multiple CA certificates, which is very helpful.

What I am missing, though, is the option to go with the default set of commonly accepted CA certificates and add a few more CA certificates for some specific systems.

At the moment, I get myself going by ticking off "Use custom CA certificate" when connecting to systems that use official certificates, and re-enabling this option (which fortunately keeps the file reference ❤️) when connecting to systems using certificates issued by private CAs.

I would appreciate it if there were a choice of either extending or replacing the list of trusted CAs. Thank you!

j-lebek, Mar 13 '24 15:03
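
The extend-versus-replace choice requested in the comment above, sketched with Node.js's own TLS API as an added example (it is not Bruno's code and not from any commenter). In Node.js a `ca` option passed on its own replaces the bundled public roots, so extending means concatenating `tls.rootCertificates` with the custom bundle; `splitPemBundle`, `buildCaList` and `tlsOptionsFor` are hypothetical helper names and the sample bundle is constructed.

```javascript
const tls = require('node:tls');

// Split a PEM bundle (one file holding several CA certificates) into
// individual certificates, ignoring any text between the blocks.
function splitPemBundle(bundle) {
  const block = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return (bundle.match(block) || []).map((pem) => pem.trim());
}

// 'replace': trust only the bundle. This is what Node.js does whenever a
//            `ca` option is passed on its own.
// 'extend' : trust Node's bundled public roots plus the bundle.
function buildCaList(bundle, mode) {
  const extra = splitPemBundle(bundle);
  if (extra.length === 0) throw new Error('no certificates found in bundle');
  if (mode === 'replace') return extra;
  if (mode !== 'extend') throw new Error(`unknown mode: ${mode}`);
  const roots = tls.rootCertificates.map((pem) => pem.trim());
  return [...new Set([...roots, ...extra])]; // Set drops exact duplicates
}

// Certificate verification stays on; only the trust anchors change.
function tlsOptionsFor(bundle, mode) {
  return { ca: buildCaList(bundle, mode), rejectUnauthorized: true };
}

// Constructed sample input: two certificates borrowed from Node's own root
// list stand in for a private CA bundle, so the example runs offline.
const sampleBundle = tls.rootCertificates.slice(0, 2).join('\n');
const publicRoot = tls.rootCertificates[5].trim();

for (const mode of ['replace', 'extend']) {
  const { ca } = tlsOptionsFor(sampleBundle, mode);
  tls.createSecureContext({ ca }); // Node accepts the list as TLS trust anchors
  console.log(mode, 'anchors:', ca.length,
    'still trusts an unrelated public root:', ca.includes(publicRoot));
}
```
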

Addressed in #1863

slowjoe007, Mar 20 '24 06:03