rremedios
Occasional Contributor
9 years ago

SOAPUI implement TLS 1.2

Running one SoapUI as client on one workstation and another SoapUI as server on a second workstation.

1] Have configured both SoapUI SoapUI-5.3.0.vmoptions files with these parameters:

-Dsoapui.https.protocols=TLSv1.2
-Dsoapui.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA256

 

2] Using OPENSSL, generated root and intermediate key pairs and then generated client and server key/certificates.

I used the OPENSSL tool to create the client.p12 and server.p12 certificates with their respective passwords.

 

3] On the Client SoapUI, I set the Preference KeyStore/KeyStore password to the client.p12. No other configuration changes were made to the Preferences for the SSL Mock Service. At the script level, I set the Endpoint to the server's IP address as https://x.x.x.x:443.

4] On the Server SoapUI, I set the Preferences KeyStore/KeyStore password to the server.p12.

I enabled the Mock SSL.

I set the Mock port to 443.

I set the Mock KeyStore/KeyStore key/password for server.p12.

I set the Mock Store /TrustStore password to the intermediate.p12.

Client Authentication is enabled.

 

Issue: On the Server side, I get an invalid key format.

Question: Which format is invalid? My certificates are in .p12 format. Is JKS a different format that is required by SoapUI?

 

I attached the error and soapui logs.

 

Just to add that the Mock Service on the Server side is set to listen on port 443.

I did configure the project KeyStore and TrustStore with the server.p12 (KeyStore) and intermediate.p12 (TrustStore).

(not sure if this is needed as I haven't seen any post saying this is required.)

Thanks

 

  • rremedios
    Occasional Contributor

    Issue: On the Server side, I get an invalid key format.

    Question: Which format is invalid? My certificates are in .p12 format. Is JKS a different format that is required by SoapUI?

     

    Yes, I had to use the KeyStore format to get SoapUI to accept the server key pair. I generated the key pairs using OPENSSL and then imported them into the KeyStore. I did this for both client and server.

    Just to add that the Mock Service on the Server side is set to listen on port 443.

    I did configure the project KeyStore and TrustStore with the server.p12 (KeyStore) and intermediate.p12 (TrustStore).

    (not sure if this is needed as I haven't seen any post saying this is required.)

    Note to self. Set Mock Service port to 8443. Run the actual mock service on 8088. The server side then handles both SSL and non-SSL requests.

     

    This post can be closed.
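
Added example, not part of the original posts: a shell helper that reports whether a keystore file is PKCS#12 or JKS from its leading bytes, plus one way to do the PKCS#12-to-JKS import the reply describes. The reply does not say which tool was used for the import; `keytool -importkeystore` is assumed here, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: identify a keystore container format, then convert
# PKCS#12 to JKS. Function names are hypothetical.

# Print JKS, JCEKS, PKCS12 or UNKNOWN for the file given as $1.
keystore_format() {
    # First 8 bytes as a lowercase hex string, e.g. "feedfeed00000002".
    magic=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed*) echo JKS ;;      # JKS magic number 0xFEEDFEED
        cececece*) echo JCEKS ;;    # JCEKS magic number 0xCECECECE
        # PKCS#12 (PFX): ASN.1 SEQUENCE (0x30), a length field, then
        # INTEGER version 3 (02 01 03). The length field may be the
        # indefinite form (80) or a 1-, 2- or 3-byte long form.
        3080020103*|3081??020103*|3082????020103*|3083??????020103*)
            echo PKCS12 ;;
        *) echo UNKNOWN ;;
    esac
}

# Convert PKCS#12 file $1 into a new JKS file $2.
# keytool prompts for the source and destination store passwords.
p12_to_jks() {
    if [ "$(keystore_format "$1")" != PKCS12 ]; then
        echo "$1 does not look like a PKCS#12 file" >&2
        return 1
    fi
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype PKCS12 \
        -destkeystore "$2" -deststoretype JKS
}

# Report the format of every file named on the command line, e.g.
#   sh keystore_format.sh server.p12 server.jks
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(keystore_format "$f")"
done
```

Running `keytool -list -v -keystore server.jks` after the conversion shows whether the private-key entry and its certificate chain were carried over.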