Use Bruno with custom CA

[Olfi01]

I am trying to use Bruno with a custom CA that is already installed on my computer, however the request fails verifying the certificate. Setting the NODE_EXTRA_CA_CERTS variable on a system level did not fix the problem.

Is there a way to either

• Disable certificate verification for Bruno, but not all nodejs processes on my computer
  or
• Make Bruno recognize my custom certificate authority?

Any help would be much appreciated.

[Olfi01]

One minute after opening this, I realized that Bruno has a setting to disable SSL verification.
I feel stupid, but to avoid others stumbling across the same problem: The little gear icon on the bottom left opens Bruno settings, where this is the first visible option.

[helloanoop]

Your not alone @Olfi01
Too many people have encountered this

I am considering adding tip somewhere in the UI when the response is related to ssl issue.

Also, Click on the right handside top gear icon, you will open collection level settings where you can add collection level client certificates.

[Olfi01]

@helloanoop From my understanding, client certificates are the ones being sent by the client, or am I wrong? In my case, the client does not need to send a certificate, but doesn't trust the server's certificate because it's from a custom CA. I don't have a key file or anything that I could enter as a client certificate, because I really just need to trust the server's CA.

[sysadmind]

Your not alone @Olfi01 Too many people have encountered this

I am considering adding tip somewhere in the UI when the response is related to ssl issue.

Also, Click on the right handside top gear icon, you will open collection level settings where you can add collection level client certificates.

It would be nice to have the SSL Certificate Verification setting at the collection level. You might have a collection for an API that you're running locally with self signed certificates that you don't care to validate, but another collection might be for a public API where you want the protection.

[Olfi01]

@sysadmind maybe even a configurable variable depending on environment?

[Kryan90]

It would be great if we could provide a private CA to use on a per-request or per-collection basis. If not, being able to turn off SSL verification on specific requests/collections would be a good middle ground for our use case.

[DRob1260]

@helloanoop From my understanding, client certificates are the ones being sent by the client, or am I wrong? In my case, the client does not need to send a certificate, but doesn't trust the server's certificate because it's from a custom CA. I don't have a key file or anything that I could enter as a client certificate, because I really just need to trust the server's CA.

I have this same challenge. Other API clients like Postman/Insomnia allow you to specify a CA certificate in addition to Client Certificates. I would love if Bruno could do the same! :)

[mindshoot]

Just to say that I am in the process of encouraging my employer to move in the direction of Bruno, and this has been the single issue that might throw a spanner in the works. The pull request that is awaiting approval would solve that problem for us in a stroke, by the look of it.

[melslow]

Just to say that I am in the process of encouraging my employer to move in the direction of Bruno, and this has been the single issue that might throw a spanner in the works.

Indeed, would be a massive (must-have) feature for us as well.

[helloanoop]

Support for specifying Custom CA is now available in v1.6.0 🎉 🎉
Thank you @BrandonGillis for working on this (pr: #1155)

Collection Level CA is being tracked in #1324

[mindshoot]

Super-fast response, thanks very much everyone! I've tested the new release here with our local certificate and everything works exactly as we need, so the spanner has been safely averted!