Postman Reports Certificate Expired for Sectigo Chains

[dcatcendyn]

Describe the bug
Certificates signed by Sectigo and trusted through USERTrust are reporting the error "Error: certificate has expired". This is related to https://www.namecheap.com/blog/sectigo-ssl-certificate-root-expiration-issue

In this case the operating system and browser select the correct chain but Postman appears to have its own chain validation and incorrectly fails on the first chain that expires.

To Reproduce
Steps to reproduce the behavior:

1. Go to HTTPS URL signed by Sectigo / USERTrust Chain - I can provide a URL for testing but did not want it public
2. Simply make a GET request
3. See error

Expected behavior
Trust Sectigo Chains Signed by USERTrust without having to bypass certificate verification.

Screenshots

App information (please complete the following information):

• Postman MacOS and Windows
• Postman Versions 7.25.1 & 7.25.2 (only ones tested)
• OS: [e.g. MacOS 10.15.5, Windows 10]

Additional context
Very simple, just make an HTTPS call to any HTTPS site protected by Sectigo/USERTrust

[codenirvana]

@dcatpegs can you share a testing endpoint with us on help@getpostman.com?

[MukeshMM]

i am also getting same issue after updating postman

[codenirvana]

We are investigating this issue till then anyone who's facing this issue please disable the "SSL certificate verification" setting to unblock yourself.

[giorod3]

that workaround worked well thank you!

[harryi3t]

@dcatpegs @MukeshMM @giorod3
We have identified the issue and have pushed a fix on our canary channel which can be downloaded from https://www.getpostman.com/downloads/canary

We will be pushing the fix on the stable channel soon.

[dcatcendyn]

Thanks! I have tested Canary and it was successful. I will test stable when its released.

[numaanashraf]

We've released v7.25.3 on stable which includes a fix for this.

[felipeabou]

I am facing this issue right now. Postman says the SLL certificate is expired, but it's not:

[dcatcendyn]

@felipeabou - Your issuer R3 is "Let's Encrypt" which had a root expiration this week I believe. I'm thinking Postman may have its own cert store or your OS cert store is dated and has an expired root. But I'd open a new ticket on this as this was has been closed for over a year.