HTTPS and the root certificate
Trust the PostGate CA to inspect HTTPS traffic on a development machine.
PostGate decrypts HTTPS locally so it can capture traffic and apply rules. It creates a local root certificate authority (CA) and generates host certificates on demand.
Install the certificate
- Open Settings → HTTPS & Security.
- Choose Install to System.
- Approve the trust prompt from your operating system.
- Restart browsers that were already open.
If the automatic installer is unavailable, choose Export, then import the .pem or .crt file into the system or browser trust store as a trusted root certificate authority.
Verify HTTPS capture
With the proxy running and the browser configured for 127.0.0.1:8899, open an HTTPS page. The request should appear without a certificate warning. Select it to inspect TLS metadata, request and response headers, bodies, and timing.
Security boundary
The exported root certificate is public and does not need to remain secret. A PostGate profile can also contain the matching private key, so protect exported profiles like credentials.
- Install the CA only on a development machine you control.
- Do not share profiles that include certificate material.
- Remove the CA from the system trust store when you no longer use PostGate.
- Keep the proxy bound to localhost unless you have explicitly designed a trusted network setup.
Certificate errors usually mean that the browser uses a separate trust store, the CA was not marked as trusted, or the browser needs to be restarted. See Troubleshooting for a focused checklist.