Thursday, December 09, 2010

2 (two) way SSL using soapUI as client and server

soapUI has been a wonderful tool for testing web services. It can also generate MockServices, which can be used for testing the client if you have the WSDL contract. This is a very quick way to get up and running. You can also add WS-Security to it. There is a very good tutorial on soapUI for using SSL as well. I wanted to extend this to use 2-way SSL. I used the keytool command-line utility to generate the keystores and certificates.

On Server (the import of c:\client.cer can only be run once that file has been exported on the client)
keytool -genkey -alias server -keyalg RSA -validity 3650 -keystore c:\server.keystore -storepass abcd1234 -keypass abcd1234 
keytool -export -alias server -keystore c:\server.keystore -storepass abcd1234 -file c:\server.cer 
keytool -import -alias client -keystore c:\server.keystore -storepass abcd1234 -file c:\client.cer 


Settings on the server prior to generating the mock service:

[Screenshot: server]

On Client (the import of c:\server.cer can only be run once that file has been exported on the server)
keytool -genkey -alias client -keyalg RSA -validity 3650 -keystore c:\client.keystore -storepass abcd1234 -keypass abcd1234 
keytool -genkey -alias client -keyalg RSA -storetype PKCS12 -keystore c:\client.p12 -storepass abcd1234 -keypass abcd1234 
keytool -export -alias client -keystore c:\client.p12 -storetype PKCS12 -storepass abcd1234 -file c:\client.cer 
keytool -import -alias server -keystore c:\client.keystore -storepass abcd1234 -file c:\server.cer






Settings on the client prior to generating the request:

[Screenshot: client]

Once the request is sent and the correct response is obtained after decryption:

[Screenshot: client after response]

Raw response on client side:

[Screenshot: raw response on client side]

Raw response on server side:

[Screenshot: raw response on server side]

NOTE: Generate the request and MockService AFTER saving the SSL preferences and restarting soapUI. It might not work if you do it the other way around. Also, make sure you use https as the endpoint on the client end.



If the wrong password is entered on the client, you will get a bad_certificate response and the response will not be decrypted on the client end:

[Screenshot: bad_certificate]
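
A check worth running before configuring soapUI, as an added example (not code from the original post): it loads the three stores created by the keytool commands above, using the post's paths, aliases and password, and reports whether each side actually holds the other's certificate. The class and method names are illustrative.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;

// Added example: verifies the trust relationships that 2-way SSL depends on.
// Paths, aliases and password are the values used in the post.
public class CheckTwoWaySslStores {

    static KeyStore load(String path, String type, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            // A wrong password or store type makes load() throw an IOException.
            ks.load(in, pass);
        }
        return ks;
    }

    // True when trustStore holds, under alias, exactly the certificate that
    // keyStore presents for its private key under the same alias.
    static boolean trusts(KeyStore trustStore, KeyStore keyStore, String alias)
            throws Exception {
        if (!keyStore.isKeyEntry(alias)) {
            return false; // no private key: this store cannot identify anyone
        }
        Certificate presented = keyStore.getCertificate(alias);
        Certificate trusted = trustStore.getCertificate(alias);
        return trusted != null
                && Arrays.equals(presented.getEncoded(), trusted.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "abcd1234".toCharArray();
        KeyStore server = load("c:\\server.keystore", "JKS", pass);
        KeyStore clientP12 = load("c:\\client.p12", "PKCS12", pass);
        KeyStore clientJks = load("c:\\client.keystore", "JKS", pass);

        // client.cer was exported from client.p12, so this should be true.
        System.out.println("server trusts client.p12 identity: "
                + trusts(server, clientP12, "client"));
        // client.keystore holds a separately generated 'client' key pair,
        // so with the post's commands this is false.
        System.out.println("server trusts client.keystore identity: "
                + trusts(server, clientJks, "client"));
        // The client's trust store must hold the server's certificate.
        System.out.println("client.keystore trusts server identity: "
                + trusts(clientJks, server, "server"));
    }
}
```

A false on the first or third line means the certificate exchange between the stores was incomplete and the handshake will be rejected.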

7 comments:

  1. Hi ejvyas,

    Thanks for the nice explanation on 2-way SSL setup in soapUI.
    I tried a setup as explained in your post but always get the error that the keystore has been modified or has been tampered with. I am sure I use the correct password as I can access everything correct with keytool.
    If I leave out the Mock Password in the preferences I get a JsseListerner NullPointerException.
    As I see you have some experience with setting it up, do you have any idea what might be the problem?

  2. Send me the commands used for creating certificates on the client and server end. Also your soapUI projects

  3. Hi Maarten,

    I am also having the same problem. I too can access with keytool and the correct password; I am having a socket exception. Please let me know how you solved your problem.

  4. Send me your soapUI project

  5. Hi,

    Are you using here two different instances of the SOAPUI? one for sending request and another one for response?

    Regards,
    Ashish

  6. Hi,

    Whenever I try to generate response after doing the SSL settings I get error : java.netBindException: Address already in use

    Do you know why?

    Regards,
    Ashish

