I'm trying to test my API using SoapUI 5.4.0. I added my website SSL certificate in Keystore and my clients SSL in Truststore. I added apikey in header and parameters in parameters section. But, still I'm getting:
response error 401 Unauthorized
Please help to fix this issue.
Have you sent the request with configured Keystore?
example:
below Screen I have configured the ssl keystore, hope you have also done the same.
And then while sending request , you need to point the ssl keystore. For every request which requires ssl you need to do this.
Related
I am asking this question because I encountered an issue while I was using SoapUI to sending a soap/json request to a HTTPS web service API which was installed with an empty issuer CN self-signed certificate at the server side.
This is the sample api link:
https://auth.sandbox.cloud.xyz/auth/v3/oauth/token?grant_type=client_credentials&client_id=auth_api_client&client_secret=client123
SoapUI returns following errors after I clicked send request button. The service api response wasn't returned.
INFO:Error getting response for [https://auth.sandbox.cloud.xyz.Token:Request 1]; javax.net.ssl.SSLHandshakeException: Failed to parse server certificates
ERROR:java.security.cert.CertificateParsingException: Empty issuer DN not allowed in X509Certificates
Same api request call works good in Postman as long as I disable its SSL certification verification.
In Postman, there is an option "disable SSL certification verification", you can use it to disable SSL certification verification while you are sending a soap/json request to a HTTPS web service API.
However, I am not able to find the similar option in SoapUI.
Does any one know how to disable SSL certification verification in SoapUI?
Or, how can I send request and get its response successfully against a HTTPS web service API which is installed with an empty issuer CN self-signed certificate at its server side?
Thank you so much for your help!
There is one soap web service its working with 2 way SSL. Our client certificate(public key) has been shared with web service provider.
We are trying to call this soap web service on a latest SOAPUI 5.5 on Windows 2012 R2 machine.
We have configured our certificate (private key) in soapui and we are capturing the logs with wireshark during execution.
Wireshark says client certificate is not being sent as you can see on below screenshot. I can give more details if required...
You can see also SOAPUI configuration and service call on below...
Client Certificate Configuration in SOAPUI:
Service call execution in SOAPUI:
Edit 1: We have spent 8 days to figure out this problem. If anyone believes to solve this problem for us, we are ok to pay for it. Thank you.
Hi Configure the key store along with the request testStep .
select the request test step
go to properties and select keystore which you want to send
I hope the key store you are using have the server certificate imported.
Key Password mismatch: Assuming that your keystore password is correct, it could be happening due to mismatch between the keystore
password and the key password. This could often happen if the
password of the keystore is changed and forgot to update the
password of the underlying key. In this case the SoapUI accepts the
keystore because the password is correct. But while sending the
request, the SoapUI also requires the password of the underlying
private key in the keystore. Due to mismatch of the passwords, the
SoapUI is not able to decrypt the key and send it along with the
request.
Set SSL Keystore request Param: There is a request param called SSL Keystore. Select the keystore from the dropdown before sending
the request. If you do not see the keystore in the dropdown, add the
keystore like below: Double Click on the SOAP Project --> Goto WS
Security Configurations --> Keystores --> Click on (+) to add your
keystore --> select keystore from your filepath --> Give keystore
password --> The keystore should add with status OK. Now select
this keystore in your SSl Keystore request parameter. And send the
request.
I'm working with an API from a private company using java.
I'm trying to make a GET Request with Postman on an URL that they gave to me. I set up an SSL certificate with the original server URL and everything is ok. But when i change the certificate to test server, i get the following error:
Error: write EPROTO 101057795:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 48 101057795:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:659:
Do you know how to fix it, to make it work on test server too?
Alternatively: does another SSL certificate exists for the test server?
You have the wrong certificate. That certificate is not for that server.
You should try to contact that company for the right certificate.
I have a server that runs Nexus, I can get access to Nexus and download artifacts via https (browser) without problem.
Now I want to get the artifact using wget via https:
wget https://195.20.100.100:8081/repository/myrepo/com/myrepo/program/1.0-SNAPSHOT/program.tar.gz
and it tells me :
WARNING: cannot verify 195.20.100.100's certificate, issued by ‘/C=US/ST=Unspecified/L=Unspecified/O=Sonatype/OU=Example/CN=*.195.20.100.100’:
Self-signed certificate encountered.
Proxy request sent, awaiting response... 401 Unauthorized
Authorization failed.
I want to know the exact steps I have to do?
Thanks in advance.
This isn't a Nexus Repository Manager issue per se, I believe you just need to do something akin to the answer in this post: wget, self-signed certs and a custom HTTPS server
I m using Oracle HTTP Server as reverse proxy for WebLogic. I have set up SSL on both the proxy and the server with client certificate authentication. It works and the clients get authenticated by OHS, but i need to pass client certificate information to WebLogic so i can look at this certificate in my servlet. Documentation says that the proxy can forward client certificate within "WL-Proxy-Client-Cert" http header to the WebLogic server.
However, i can't get this to work. Within my servlet i tried both request.getHeader() and request.getAttribute() and getting null. I looked at both headers and attributes of the request objects and don't see anything like WL-Proxy-Client-Cert. In fact i don't see any headers starting with WL, only couple of headers starting with X-WebLogic, none of which has the certificate.
I did enable "Client Cert Proxy Enabled" option in Administration Console as described in the docs. Also i know that clients get authenticated since i see the certificate requested by the browser, after which i can successfully access the site.
Am i missing something?
I have finally got an answer from Oracle support on this. The problem was that i had to add one SSL directive to my virtual host configuration:
SSLOptions +ExportCertData
It goes under "IfModule ossl_module", right next to "SSLVerifyClient require" directive that specifies 2-way authentication for the proxy.
Note that after this, in the servlet, the certificate will be present in the usual "javax.servlet.request.X509Certificate" attribute, as if the server was doing client certificate authentication itself (no extra headers are received).
Also, note that you can have the server use 1-way SSL, if you feel secure with authentication done by the proxy, and you will still receive the certificate in the attribute in your servlet (in this case you should probably add a filter as they recommend to ensure the requests come from the proxy only). I have a feeling it will work even if the server port is regular http, though i haven't tested it yet.