Need help for running a ZAP scan for APIs.
I'm trying to configure Postman with ZAP so I can capture the API requests and then scan them, but I'm having an issue configuring it. I'm getting the responses fine when the requests are fired in Postman. But when I proxy Postman through ZAP, I'm getting an error saying, "SSL Error: self signed certificate in certificate chain". I have no knowledge of how to do this and was only following the steps given by someone who did this before. (P.S.: Our client specifically wanted a ZAP scan on this 😴). Can someone please explain to me clearly what to look for and how to do it?
1 Reply
Is the API server using a self-signed cert?
If so, you can try disabling the "Use PKI to sign remote host certs" option in ZAP > Tools > Options.
Otherwise, you may need to install whatever cert is missing along the chain.
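A quick way to answer the reply's first question and to check the second remedy, added here as an illustration rather than anything from the thread or from the ZAP project: the script below classifies a PEM certificate as self-signed (issuer equals subject) or CA-issued, and shows that the cert fails the default trust store until it is supplied explicitly as a trust anchor. It assumes `openssl` is on the PATH; the certificate it uses is a throwaway one it generates itself, not the API server's.

```shell
#!/bin/sh
# Classify a PEM certificate: "self-signed" when its issuer equals its subject,
# otherwise "issued-by-ca" (then an intermediate or root is what is missing).
classify_cert() {
  subject=$(openssl x509 -in "$1" -noout -subject); subject=${subject#subject=}
  issuer=$(openssl x509 -in "$1" -noout -issuer);   issuer=${issuer#issuer=}
  if [ "$subject" = "$issuer" ]; then echo "self-signed"; else echo "issued-by-ca"; fi
}

# Does the cert validate? Without a second argument the system trust store is used,
# which is what produces "self signed certificate in certificate chain". With a
# bundle as the second argument, the cert is checked against that bundle instead,
# i.e. the "install whatever cert is missing" remedy.
verify_chain() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 && echo "trusted" || echo "untrusted"
  else
    openssl verify "$1" >/dev/null 2>&1 && echo "trusted" || echo "untrusted"
  fi
}

# Constructed fixture: a throwaway self-signed cert standing in for the API server's
# (hypothetical name api.example.test; the key is discarded with the temp directory).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=api.example.test" \
    -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Stand-alone demonstration of the two outcomes.
demo() {
  dir=$(mktemp -d)
  make_self_signed "$dir/server.pem"
  echo "kind:        $(classify_cert "$dir/server.pem")"
  echo "system store: $(verify_chain "$dir/server.pem")"
  echo "with bundle:  $(verify_chain "$dir/server.pem" "$dir/server.pem")"
  rm -rf "$dir"
}
```

For a real endpoint, capture the served chain with `openssl s_client -connect host:443 -showcerts </dev/null`, save the leaf to a PEM file, and run `classify_cert` on it: "self-signed" points at the ZAP option above, "issued-by-ca" means the missing issuer cert has to be added to the trust bundle.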