lreichen
New Contributor
12 years ago

Help with Certificate

Thanks in advance for any help anyone can give.

I have created a WCF service and have been testing it with SOAPUI for some time now. I recently added SSL security without a hitch.
As required by the project I am trying to add a certificate to the service. The certificate was created and added to both the Personal and Trusted Root certificate stores.
I can use a C# test bed that I created to access the service and utilize the certificate. It's when I tried to configure SoapUI to use the certificate I ran into trouble.

In the response window I see this:

<s:Code>
  <s:Value>s:Sender</s:Value>
  <s:Subcode>
    <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
  </s:Subcode>
</s:Code>
<s:Reason>
  <s:Text xml:lang="en-US">An error occurred when verifying security for the message.</s:Text>
</s:Reason>


From my server trace records I see this:

"Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security."

I'm using soapUI 3.0 (should I upgrade to a different version?). I've configured the project level security and added the certificate (It says "OK").
My intuition is telling me I'm missing a setting somewhere.

Any ideas?

Thanks again!

Louis

1 Reply

  • lreichen
    New Contributor
    It took quite some time but I was able to figure out how to use both the SSL and CA certificate in SOAP.


      - Configure SoapUI for SSL in these ways:

      1. Preferences

        • Select File --> Preferences --> SSL Settings tab
        • Next to Keystore, click Browse… and locate your SSL certificate

        • Enter in the Keystore Password

        • Verify Client Authentication checkbox is selected.

        • Click OK


      2. Project

        • Right click your project and select Show Project View

        • Select the WS-Security Configurations tab

        • Select the Keystore tab

        • Click the Add button to attach a new Keystore to your project.

        • Locate your exported SSL certificate file and click Open

        • Type in a password and verify the status now says OK.

      3. Request

        • Select your request and find the Project Properties tab at the bottom of the window.

        • Locate the SSL Keystore value and click the textarea to show the dropdown.

        • Select the Keystore you just added to the project.



        • CA Certificate Configuration

          - Configure SoapUI for CA Client Certificate

          1. Add the Keystore for the CA certificate

            • Right click your project and select Show Project View
            • Select the WS-Security Configurations tab

            • Select the Keystore tab

            • Click the Add button to attach a new Keystore to your project.

            • Locate your exported CA certificate file and click Open

          2. Set up the outgoing message to use the certificate

            • Select the Outgoing WS-Security Configurations tab

            • Click the add button to create a new configuration

            • Type in a name for your outgoing message setup (i.e. Outgoing)

            • In the rightmost field check the box labeled Must Understand

            • Add a new WSS Entry by clicking the add button

            • Select Signature from the dropdown

            • Select your CA Certificate file from the Keystore dropdown

            • Select the Alias from the drop down

            • Enter the password

            • Signature Algorithm will be http://www.w3.org/2000/09/xmldsig#rsa-sha1 (yours may differ)

            • Signature Canonicalization should be http://www.w3.org/2001/10/xml-exc-c14n# (yours may differ)

            • Digest Algorithm will be http://www.w3.org/2000/09/xmldsig#sha1 (yours may differ)

            • Select the Use Single Certificate Checkbox

            • For Parts click the add button and enter the following information

          3. Add another new WSS Entry by clicking the add button

            • Select Timestamp from the dropdown

            • Change the Time To Live to 100000

            • Click the X to close the Project View

          4. Configure the request to use the new WS Configurations

            • Double click your request to open the Request View

            • On the bottom left click the Auth button

            • From the Authorization dropdown select Add New Authorization…

            • Select Basic

            • From the Outgoing WSS dropdown select the name of the WS Configuration just created

            • Click the WS-A button

            • Select both Add default wsa:Action and Add default wsa:To checkboxes


          5. You should now be able to run your request.

            Hope that helps someone out!

            Louis
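
Added example, not part of the original posts: a Python check that inspects a captured outgoing request for the elements the steps above configure (the wsse:Security header whose absence the server trace reports, mustUnderstand, Timestamp, Signature, wsa:Action and wsa:To) and flags the SHA-1 algorithm URIs quoted in the reply. The SOAP 1.2 and WS-Addressing namespaces, the function names and both sample envelopes are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces: wsse is quoted in the fault above; the others are assumed (SOAP 1.2, WS-Addressing 1.0).
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
# SHA-1 based identifiers from the reply; SHA-1 is deprecated for new signatures.
SHA1_ALGS = {NS["ds"] + "rsa-sha1", NS["ds"] + "sha1"}

def check_request(xml_text):
    """Return a list of findings for one outgoing SOAP request."""
    header = ET.fromstring(xml_text).find("s:Header", NS)
    if header is None:
        return ["no SOAP header: request is unsecured"]
    findings = [f"missing {n}" for n in ("wsa:Action", "wsa:To")
                if header.find(n, NS) is None]
    sec = header.find("wsse:Security", NS)
    if sec is None:  # matches the server trace: no security header found
        return findings + ["missing wsse:Security header"]
    if sec.get(f"{{{NS['s']}}}mustUnderstand") not in ("1", "true"):
        findings.append("wsse:Security lacks mustUnderstand")
    if sec.find("wsu:Timestamp", NS) is None:
        findings.append("missing wsu:Timestamp")
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return findings + ["missing ds:Signature"]
    for el in sig.iter():  # SignatureMethod and DigestMethod carry Algorithm
        if el.get("Algorithm") in SHA1_ALGS:
            findings.append(f"SHA-1 algorithm in use: {el.get('Algorithm')}")
    return findings

def envelope(header_xml):
    # Helper that wraps constructed header content in a minimal envelope.
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"<s:Envelope {decl}><s:Header>{header_xml}</s:Header><s:Body/></s:Envelope>"

# Constructed samples: a request sent without the Outgoing WSS config, and one with it.
ADDR = "<wsa:Action>urn:example:op</wsa:Action><wsa:To>https://service.example/svc</wsa:To>"
UNSECURED = envelope(ADDR)
SIGNED = envelope(ADDR + '<wsse:Security s:mustUnderstand="1"><wsu:Timestamp/>'
    "<ds:Signature><ds:SignedInfo>"
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '<ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
    "</ds:Reference></ds:SignedInfo></ds:Signature></wsse:Security>")

if __name__ == "__main__":
    print(check_request(UNSECURED), check_request(SIGNED), sep="\n")
```

The check covers structure only; it does not validate the signature value or the certificate chain.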