Certificates
Rostyman lets you configure custom SSL/TLS certificates for connecting to servers that use self-signed certificates, mutual TLS (mTLS), or private certificate authorities. This is common when working with internal APIs, staging environments, or enterprise systems.
Open certificate settings in Settings → Certificates.
When to Use Custom Certificates
- Self-signed servers — Your API server uses a certificate not trusted by the system. Instead of disabling SSL verification globally, add the server's CA certificate.
- Mutual TLS (mTLS) — The server requires the client to present a certificate to authenticate. Add your client certificate and private key.
- Internal/private CA — Your organization uses its own certificate authority. Add the CA certificate so Rostyman trusts servers signed by it.
- Development environments — Local or staging servers with custom certificates.
Supported Formats
| Format | Description |
|---|---|
| PEM certificate + key | Separate .pem or .crt file for the certificate and .pem or .key file for the private key |
| PFX / PKCS#12 | A single .pfx or .p12 file containing both the certificate and private key |
| CA certificate | A .pem or .crt file for a certificate authority |
Adding a Certificate
- Go to Settings → Certificates
- Click Add Certificate
- Fill in the details:
| Field | Description |
|---|---|
| Name | A descriptive name for this certificate (e.g. "Staging API", "Internal CA") |
| Host | The hostname pattern this certificate applies to (e.g. api.internal.com, *.staging.example.com) |
| Certificate (CRT) | Path to the PEM certificate file |
| Key | Path to the private key file (for PEM format) |
| Passphrase | Passphrase for the private key, if it is encrypted |
| CA Certificate | Path to the CA certificate file (optional — for custom certificate authorities) |
| PFX File | Path to a PFX/PKCS#12 file (alternative to separate cert + key) |
- Click Save
You can provide either a PEM certificate + key pair, or a single PFX file — not both.
Enable / Disable Certificates
Each certificate has a toggle to enable or disable it. Disabled certificates are kept in your list but are not used when making requests. This makes it easy to switch between configurations without deleting and re-adding certificates.
Host Matching
The Host field determines which servers the certificate is used for. Rostyman matches the request URL's hostname against this pattern:
- Exact match: api.example.com — applies only to that specific host
- Wildcard: *.example.com — applies to any subdomain of example.com
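The matching rules above, modelled as an added example (this is not Rostyman's own code). It assumes case-insensitive comparison, that a wildcard covers subdomains at any depth but not the bare domain, and that an exact entry wins over a wildcard; `hostMatches`, `selectCertificate` and the sample entries are hypothetical names.

```javascript
// Added example: a model of the Host Matching rules, not Rostyman's implementation.
// Assumptions: case-insensitive, "*." only as the leading label, wildcard covers
// subdomains at any depth but not the bare domain, exact entries beat wildcards.

function hostMatches(pattern, hostname) {
  const p = pattern.trim().toLowerCase().replace(/\.$/, "");
  const h = hostname.trim().toLowerCase().replace(/\.$/, "");
  if (!p.includes("*")) return p === h; // exact match
  // Only a single leading "*." is accepted as a wildcard.
  if (!p.startsWith("*.") || p.indexOf("*", 1) !== -1) return false;
  const suffix = p.slice(1); // e.g. ".example.com"
  // The leading dot is the label boundary: "evilexample.com" must not match.
  return h.length > suffix.length && h.endsWith(suffix);
}

function selectCertificate(entries, requestUrl) {
  // URL parsing drops scheme, port, path and userinfo, leaving the hostname.
  const host = new URL(requestUrl).hostname;
  const candidates = entries.filter((e) => e.enabled && hostMatches(e.host, host));
  // Prefer exact entries, then the longest (most specific) wildcard.
  candidates.sort((a, b) => {
    const aw = a.host.includes("*");
    const bw = b.host.includes("*");
    if (aw !== bw) return aw ? 1 : -1;
    return b.host.length - a.host.length;
  });
  return candidates.length ? candidates[0].name : null;
}

// Constructed sample entries (names and hosts are illustrative).
const sampleEntries = [
  { name: "Staging wildcard", host: "*.staging.example.com", enabled: true },
  { name: "Staging API", host: "api.staging.example.com", enabled: true },
  { name: "Internal CA", host: "api.internal.com", enabled: false },
];

function demo() {
  return [
    "https://api.staging.example.com:8443/v1/users", // exact entry wins
    "https://db.eu.staging.example.com/health",      // wildcard, two levels deep
    "https://staging.example.com/",                  // bare domain: no match
    "https://api.staging.example.com.example.net/",  // look-alike suffix: no match
    "https://api.internal.com/",                     // entry is disabled: no match
  ].map((u) => [u, selectCertificate(sampleEntries, u)]);
}
```

A client certificate is presented to every host its pattern covers, so give mTLS entries the narrowest Host value that still works.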
Use Cases
Connecting to a Self-Signed Server
- Obtain the server's CA certificate (ask your server admin or export it from a browser)
- Add a certificate with the server's hostname and the CA certificate path
- Requests to that server will now be trusted without disabling SSL verification globally
Mutual TLS Authentication
- Obtain your client certificate and private key from your organization
- Add a certificate with the server's hostname, the client certificate path, and the key path
- If the key is encrypted, enter the passphrase
- Rostyman will present your client certificate when connecting to that server
Using a PFX File
If you have a .pfx or .p12 file (common in Windows environments):
- Add a certificate with the server's hostname and the PFX file path
- Enter the passphrase if the PFX file is password-protected
Troubleshooting
| Problem | Solution |
|---|---|
| "Certificate not trusted" errors | Add the server's CA certificate, or the issuing CA's certificate |
| "Client certificate required" | Add your client certificate and key for the target host |
| "Passphrase required" or decryption error | Enter the correct passphrase for the private key or PFX file |
| Certificate not being used | Check that the Host pattern matches the request URL and the certificate is enabled |
| Still getting SSL errors | As a temporary workaround, disable SSL Verification in General Settings — but add the proper certificate for production use |
Tips
- Certificates are matched by hostname — you can have different certificates for different servers.
- Keep your private keys secure. Rostyman reads them from disk at request time and does not copy them.
- If you're also using a proxy, you may need certificates for both the proxy and the target server.