Newest update throws: SSL peer certificate or SSH remote key was not OK

[muuvmuuv]

Describe the bug

I have updated CODE today and now no request is working anymore. It throws the following:

SSL peer certificate or SSH remote key was not OK

To Reproduce

Idk ^^ maybe try to request a self-signet cert endpoint.

Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior

No browser or my App is throwing this so I expect it to just work.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. macOS 10.15.1]
• Installation Method: [e.g. homebrew]
• App Version [e.g. v7.0.3]

Additional context

Idk what the prev. version was or if there is any logs I could paste here. Just tell me.

[muuvmuuv]

This works:

curl --request POST \
  --url https://api.m8finder.lcl/auth/login \
  --header 'content-type: application/json' \
  --data '{
	"email": "Xxxxx",
	"password": "123456"
}'

Directly exported from Insomnia

[baleeds]

I'm also hitting the same issue.

Edit: Fixed by unchecking "Validate certificates" in settings.

[designed4device]

I'm also hitting the same issue.

Edit: Fixed by unchecking "Validate certificates" in settings.

Works, but this is a security vulnerability. We have not found a way to get this working with validation aside from downgrading insomnia. Best I can tell is it is some weird incompatibility with how my company's cert authority issues certs and insomnia. Would really like to see a fix for this so we can upgrade to latest versions.

[6utt3rfly]

Edit: Fixed by unchecking "Validate certificates" in settings.

This is required to login to Insomnia accounts as well (fresh install)

[iomarcovalente]

I can confirm that downgrading to v7.1.0 solves this and certificate validation works as intended.

[daguitosama]

Im using v 7.1.1 and im experimenting the same issue when i test my deployed api, wich it's over a ( from Let's Encrypt ) valid SSL cert.
I will like to add that this bug it's a real deal breaker, since we shuold test our secure apis over secure http.

[ralphcallaway]

running into this when i'm running a secure site on localhost and a self signed cert (setup with mkcert), browsers, curls, and openssl are all happy. perhaps insomnia is using a different CA trust store location? that would mesh with most systems being happy, but insomnia erroring

Version: Insomnia Core 2020.5.2
Release date: 12/9/2020
OS: Darwin x64 19.6.0
Electron: 9.1.1
Node: 12.14.1
V8: 8.3.110.13-electron.0
Architecture: x64
node-libcurl: libcurl/7.69.1 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.7 libidn2/2.1.1 libssh2/1.9.0 nghttp2/1.41.0

[willemdh]

Same issue.. All of a sudden I keep getting SSL certificate problem: unable to get local issuer certificate

Version: Insomnia Core 2020.5.2
Release date: 09/12/2020
OS: Windows_NT x64 10.0.19042
Electron: 9.1.1
Node: 12.14.1
V8: 8.3.110.13-electron.0
Architecture: x64
node-libcurl: libcurl/7.69.1-DEV OpenSSL/1.1.1d zlib/1.2.11 WinIDN libssh2/1.9.0_DEV nghttp2/1.40.0

[designed4device]

Any plans on addressing this? We are stuck using a version of Insomnia that is well over a year old...

[sysarch-repo]

I have experienced the "SSL certificate problem: unable to get local issuer certificate" problem on my Win10 laptop and have solved it as follows for Insomnia 2021.4.1:

1. If not already included, add the CA cert PEM data into the ca-certs.pem file used by the Insomnia TLS client. Note, the file location is exposed in the timeline tab of the HTTPS response (adjust the userName and Insomnia version as needed).

* successfully set certificate verify locations:
*  CAfile: C:\Users\<userName>\AppData\Local\Temp\insomnia_2021.4.1\ca-certs.pem
*  CApath: none

2. For mTLS, create client certificate in the Insomnia Collection Settings for the host name of the TLS server and port (e.g. "server.example.com:8443", and upload the client cert / key PEM data your TLS client wants to use with the HTTPS request.

[ubeogesh]

just a clarification on prevous response by @richardjudgeman

the "CAfile" is just a text file with a list of base64 encoded certificates.
You can open it in notepad and append another base64 encoded certificate (for example, your company's Certficatioin Authority, which you can export in base64 format from certmgr.msc windows console)

i think insomnia needs a more apparent way of adding custom CAs. Many people use it corporate environment and probably just turn off the SSL valdation, which is not good.

[MB175]

just a clarification on prevous response by @richardjudgeman

the "CAfile" is just a text file with a list of base64 encoded certificates. You can open it in notepad and append another base64 encoded certificate (for example, your company's Certficatioin Authority, which you can export in base64 format from certmgr.msc windows console)

i think insomnia needs a more apparent way of adding custom CAs. Many people use it corporate environment and probably just turn off the SSL valdation, which is not good.

@ubeogesh what is the path of the CAFile ?

[valentinoPereira]

I am using an application API locally with an invalid ssl certificate and insomnia is not able to call it, it gives me a Error: SSL peer certificate or SSH remote key was not OK error

I went to the General settings and unchecked validate certificates checkbox, but it still shows me the same error.. The request works on my browser well.. It seems like a bug in insomnia where it is not disabling ssl validation.

The request even works fine on postman after disabling ssl validation.

[ubeogesh]

@MB175 i don't think this is a viable approach anymore - i cannot find the CAfile anymore. Previously it could be found from the log on the "Timeline" tab. So apparently now the only way is to turn off certificate validation

[MB175]

@MB175 i don't think this is a viable approach anymore - i cannot find the CAfile anymore. Previously it could be found from the log on the "Timeline" tab. So apparently now the only way is to turn off certificate validation

Okay i see, thanks for replying. Some day there will be a way I guess

[Lavanyashankar09]

I'm getting the same issue when I run the request in Insomnia CLI. "[network] Response failed req=req_9ea8430a7dd04ae8a495b9cd5af8d9b6 err=Error: SSL peer certificate or SSH remote key was not OK".
I got the same error when the ran the request in the Insomnia App but there " I disabled the Validate Certificate option under settings".
So How do I disable Validate Certificates for Insomnia CLI?

[okonon]

I added custom CA and still getting same Error: SSL peer certificate or SSH remote key was not OK error. Same cert file works in Postman no problem.

[SannanOfficial]

Any updates? This is not even working for me in a production environment.

[subnetmarco]

We are actively working on a resolution for this issue, we will link this issue to the PRs once they come out.

[subnetmarco]

We were able to determine the cause of this issue and we will try to get it merged for our December release next week. It was a tricky one, thanks @notjaywu for the contribution.

[subnetmarco]

This issue should be finally fixed in the recently released v8.5.

[notjaywu]

We switched to using SecureTransport to access the Keychain on macOS to fix this issue in the 8.5.0 release.

Using SecureTransport allows us to access the Keychain, but it also has some limitations:

1. Not support for TLS v1.3
2. Not support for certificate and key pair

Using other solutions like OpenSSL, allows us to support TLS 1.3 and client certificates in the app, but we lose access to the macOS Keychain.

But macOS Keychain certificates could be imported into Insomnia if we use OpenSSL (you would have them in two places, Insomnia + Keychain).

So we will revert to using OpenSSL on macOS in the next 8.5.2 release.