Forum Discussion

swatimulik's avatar
swatimulik
Visitor
8 years ago

able to get response from Webservice without configuring client certificates in SOAPUI

hi,

 

We have implemented One way SSL for Webservices. configured .jks file in keystore of soapui and tested the https webservice and it is working as expected.

 

now need to check scenario without configuring client certificates in SOAP UI. It should give certificate erroe as soap ui doesnd have the certificates configured . So removed the .jks file path from keystore of SOAPUI and tested teh https webservice. and I am able to get response also can see certificate in ssl certifictaes tab in soap ui. ratheri should have ot a certificate error. How is it working . Is SOAP UI has some root certificates already present in default. ?

1 Reply

  • rupert_anderson's avatar
    rupert_anderson
    Valued Contributor

    Hi,

     

    For 1-way SSL (no client cert), SoapUI always trusts the server cert - Last time I looked SoapUI has a custom SSLSocketFactory (SoapUISSLSocketFactory) written to override the checkServerTrusted methods to do nothing.

     

    I guess this is for reasons of convenience, since an API testing tool may have to consume many APIs over SSL/TLS without needing to test whether their certificate is trusted.

     

    Regards,

    Rupert