1 reply

Need help for running a ZAP scan for APIs.

I'm trying to configure the postman with ZAP so I can capture the API request and then scan them, but I'm having an issue configuring. I'm getting the responses fine when the requests are fired in Postman. But when I proxy the postman with ZAP, I'm getting an error saying, SSL Error: self signed certificate in certificate chain. I have no knowledge of how to do this and was only following the steps given by someone who did this before. (P.S: Our client specifically wanted a ZAP scan on this

). Can someone please explain to me what to look for and how to do it clearly.

DirtyJ•6/13/23, 8:07 AM

Is the API server using a self signed cert?

If so, you can try disabling the use PKI to sign remote host certs option in ZAP > Tools > Options

Otherwise, you may need to install whatever cert is missing along the chain

Need help for running a ZAP scan for APIs.

Similar Threads