Facing issue with SSL soap connectivity - ssl

I am currently facing an issue connecting to a SOAP HTTPS service from SoapUI. I am provided with public and private certificates. I have added the public certificate in the Preferences --> SSL Settings tab. And then I have configured the outgoing WS-Security --> keystore with the private key. Also I have created a signature with the private certificate.
When I hit the service I am getting a SOAP response saying "certificate is not trusted". I am new to this setup, so please correct me if I am wrong. Can you please help me in resolving the issue?

Related

How can I disable SSL certification verification or allow empty issuer CN self-signed certificate in SoapUI?

I am asking this question because I encountered an issue while I was using SoapUI to send a SOAP/JSON request to an HTTPS web service API which was installed with an empty issuer CN self-signed certificate on the server side.
This is the sample api link:
https://auth.sandbox.cloud.xyz/auth/v3/oauth/token?grant_type=client_credentials&client_id=auth_api_client&client_secret=client123
SoapUI returns the following errors after I click the send request button. The service API response wasn't returned.
INFO:Error getting response for [https://auth.sandbox.cloud.xyz.Token:Request 1]; javax.net.ssl.SSLHandshakeException: Failed to parse server certificates
ERROR:java.security.cert.CertificateParsingException: Empty issuer DN not allowed in X509Certificates
The same API request call works well in Postman as long as I disable its SSL certificate verification.
In Postman, there is an option "disable SSL certification verification"; you can use it to disable SSL certificate verification while you are sending a SOAP/JSON request to an HTTPS web service API.
However, I am not able to find a similar option in SoapUI.
Does anyone know how to disable SSL certificate verification in SoapUI?
Or, how can I send a request and get its response successfully against an HTTPS web service API which is installed with an empty issuer CN self-signed certificate on its server side?
Thank you so much for your help!

Receiving Response 401 Unauthorised in SoapUI

I'm trying to test my API using SoapUI 5.4.0. I added my website SSL certificate in the Keystore and my clients SSL in the Truststore. I added the API key in the header and parameters in the parameters section. But I'm still getting:
response error 401 Unauthorized
Please help to fix this issue.
Have you sent the request with the configured keystore?
Example:
In the screen below I have configured the SSL keystore; I hope you have also done the same.
And then while sending the request, you need to point to the SSL keystore. For every request which requires SSL you need to do this.

Client certificate is not being sent to the server

There is a SOAP web service that works with 2-way SSL. Our client certificate (public key) has been shared with the web service provider.
We are trying to call this SOAP web service on the latest SOAPUI 5.5 on a Windows 2012 R2 machine.
We have configured our certificate (private key) in SoapUI and we are capturing the logs with Wireshark during execution.
Wireshark says the client certificate is not being sent, as you can see in the screenshot below. I can give more details if required...
You can also see the SOAPUI configuration and service call below...
Client Certificate Configuration in SOAPUI:
Service call execution in SOAPUI:
Edit 1: We have spent 8 days trying to figure out this problem. If anyone believes they can solve this problem for us, we are OK to pay for it. Thank you.
Hi, configure the key store along with the request test step:
select the request test step
go to properties and select the keystore which you want to send
I hope the key store you are using has the server certificate imported.
Key Password mismatch: Assuming that your keystore password is correct, it could be happening due to a mismatch between the keystore password and the key password. This could often happen if the password of the keystore is changed and you forgot to update the password of the underlying key. In this case SoapUI accepts the keystore because the password is correct. But while sending the request, SoapUI also requires the password of the underlying private key in the keystore. Due to the mismatch of the passwords, SoapUI is not able to decrypt the key and send it along with the request.
Set SSL Keystore request Param: There is a request param called SSL Keystore. Select the keystore from the dropdown before sending the request. If you do not see the keystore in the dropdown, add the keystore like below: Double click on the SOAP Project --> Go to WS Security Configurations --> Keystores --> Click on (+) to add your keystore --> select the keystore from your file path --> Give the keystore password --> The keystore should be added with status OK. Now select this keystore in your SSL Keystore request parameter and send the request.

Weblogic OSB 2-way SSL connection

I have an OSB service which communicates with a bank by 2way SSL connection. OSB_server configured to use "Custom Identity and Java Standard Trust keystores". Identity keystore has server certificate and trust keystore CA certificates. Private alias set to use "key" -
I've added the client certificate received from the bank to the identity keystore, the CA to "cacerts", changed the SSL private alias to the received one, "800345", and set UseServerCerts to true.
Communication with the bank is working fine, but other services don't work because of the wrong private SSL certificate.
I found a solution where I can use WLST scripting to change the private key, but it requires a restart or module redeploy.
Another solution I found was with a PKI provider/credential mapping. WebLogic notes that this is deprecated technology, but I tried it anyway... and received an exception that my created provider was not found in the WebLogic home domain (it is there).
In general I have:
key pair from Bank
CA cert from Bank
Could you please help with this? Where should I insert these keys to make the OSB service work? Any other solution would be nice to hear, or any tutorials.

SSL error RemoteCertificateNameMismatch

I am using WCF for the client to access the service. I am trying to access the endpoint with TLS (https). I have certificates with both private and public keys.
If the end point of the service has the same host name as the certificate name ("Issued To"), then I am able to access the service from the client.
If the "Issued To" name and the end point domain name are different I get the error "Could not establish trust relationship for the SSL/TLS secure channel with authority". I have added the certificates to "Trusted Root", "Personal" and "Trusted People". In my service I have used "PeerOrChainTrust".
Please let me know if anybody has any idea on this.
Thanks,
Jan
In that case, you need to define the trust policy for the server on the client side.
Call SetCertPolicy once before you make any call to the services.
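    using System.Net;
    using System.Net.Security; // SslPolicyErrors
    using System.Security.Cryptography.X509Certificates;

    public static class CertPolicy
    {
        // Registers the callback process-wide; call once before any service call.
        public static void SetCertPolicy()
        {
            ServicePointManager.ServerCertificateValidationCallback += RemoteCertValidate;
        }

        // Ignores the reported SslPolicyErrors, so name mismatches and
        // untrusted chains are accepted as well.
        private static bool RemoteCertValidate(object sender, X509Certificate cert,
            X509Chain chain, SslPolicyErrors error)
        {
            // trust any cert!!!
            return true;
        }
    }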
I don't think you can override the check on whether the certificate name matches the server name.
Some agents allow you to manually override after the warnings, but unless WCF has a setting to disable certificate validation with all the dangers that brings. SSL is designed first and foremost for the client to be able to validate which server it is talking to, otherwise you will be open to all sorts of vulnerabilities (including man-in-the-middle and fake servers).
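
A narrower alternative to the accept-everything callback in the first answer, given here as an added example that is not from either answerer: it tolerates only a name mismatch, only for one host, and only for one certificate verified out of band. The class name, `PinnedHost` and `PinnedSha256` are placeholders, and it assumes the callback's sender is an `HttpWebRequest` (WCF over HTTPS on .NET Framework).

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertPolicy
{
    // Assumptions (placeholders, not values from the page): the one host whose
    // certificate name does not match, and the SHA-256 hash of that certificate.
    private const string PinnedHost = "service.example.internal";
    private const string PinnedSha256 = "<SHA256-HEX-OF-EXPECTED-SERVER-CERT>";

    // Call once before the first service call, in place of SetCertPolicy().
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that validates normally needs no exception.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate a name mismatch only; chain errors or a missing certificate still fail.
        if (errors != SslPolicyErrors.RemoteCertificateNameMismatch || cert == null)
            return false;

        // The callback is process-wide, so limit the exception to one host.
        var request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.RequestUri.Host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the exact certificate that was verified out of band.
        using (var sha256 = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha256.ComputeHash(cert.GetRawCertData()))
                                        .Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Because the pin is tied to one certificate, it has to be updated whenever the server certificate is renewed; reissuing the certificate with the correct host name removes the need for the exception.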