able to get response from Webservice without configuring client certificates in SOAPUI

Question

hi,&nbsp;We have implemented One way SSL for Webservices. configured .jks file in keystore of soapui and tested the https webservice and it is working as expected.&nbsp;now need to check scenario without configuring client certificates in SOAP UI. It should give certificate erroe as soap ui doesnd have the certificates configured . So removed the .jks file path from keystore of SOAPUI and tested teh https webservice. and I am able to get response also can see certificate in ssl certifictaes tab in soap ui. ratheri should have ot a certificate error. How is it working . Is SOAP UI has some root certificates already present in default. ?

rupert_anderson · Answer

Hi,
&nbsp;
For 1-way SSL (no client cert), SoapUI always trusts the server cert - Last time I looked&nbsp;SoapUI has&nbsp;a&nbsp;custom SSLSocketFactory (SoapUISSLSocketFactory) written to override the checkServerTrusted methods to do nothing.
&nbsp;
I guess this is for reasons of convenience, since an API testing tool may have to consume many APIs over SSL/TLS without needing to test whether their certificate is trusted.
&nbsp;
Regards,
Rupert

Forum Discussion

able to get response from Webservice without configuring client certificates in SOAPUI

1 Reply

Recent Discussions

WSS throwing NPE

Unable to Launch SoapUI 5.8 / any version after installation

Silently Uninstall

Related Content

[Solved] SSL Handshake exception calling a secure webservice

MSTest Configuration

testcomplete certification