We want to force consumer application to pass gateway public ssl certificate when consumer app is making a request to gateway. Hence we added Require SSL or TLS Transport assertion and checked Required option. However, we are still able to make a service call from postman when we disable ssl check.
Also, we tested from chrome browser where we have not added gateway's cert in trusted certificate tab. Browser is giving warning but allowing to make a call.
Please let us know how we can force any client application (chrome, postman, java app, .net app, etc) to pass gateway's cert in the request ?