SSLHandshakeException while using client certificate
Hi,
I am trying to call REST web service using https. I have generated client certificate which is signed by CA certificate (ca.crt and ca.key) with following commands :
I have done the following steps :
1) Added the line ‘-Dsun.security.ssl.allowUnsafeRenegotiation=true’ to the file ‘soapUI-4.0.0.vmoptions’.
2) File-> Preferences -> SSL Settings set 'KeyStore' to point to above generated certificate and gave required password in 'KeyStore Password' field. Checked 'requires client authentication'.
3) Added ca.crt to soapui cacerts using following command :
keytool -importcert -alias cacert -file ca.crt -keystore "C:\Program Files (x86)\eviware\soapUI-4.0.0\jre\lib\security\cacerts"
But whenever I tried to call web service I am getting following exception :
Also tried with exporting certificate as described here :
http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx
But still facing the same exception.
I have tested the webservice with browser after importing the certificate ( client2.p12 ) in the browser. It is working fine. So server side configuration is correct.
Is there some configuration I am missing in soapUI or Is there problem with certificate itself ?
Thanks in Advance.
-Hemant
I am trying to call REST web service using https. I have generated client certificate which is signed by CA certificate (ca.crt and ca.key) with following commands :
openssl genrsa -out client2.key 1024
openssl req -new -key client2.key -out client2.csr
openssl x509 -req -days 365 -in client2.csr -CA ca.crt -CAkey ca.key -set_serial 03 -out client2.crt
openssl pkcs12 -export -in client2.crt -inkey client2.key -out client2.p12 -name "Dev Client2"
I have done the following steps :
1) Added the line ‘-Dsun.security.ssl.allowUnsafeRenegotiation=true’ to the file ‘soapUI-4.0.0.vmoptions’.
2) File-> Preferences -> SSL Settings set 'KeyStore' to point to above generated certificate and gave required password in 'KeyStore Password' field. Checked 'requires client authentication'.
3) Added ca.crt to soapui cacerts using following command :
keytool -importcert -alias cacert -file ca.crt -keystore "C:\Program Files (x86)\eviware\soapUI-4.0.0\jre\lib\security\cacerts"
But whenever I tried to call web service I am getting following exception :
2013-03-21 18:50:05,300 INFO [SoapUI] Used java version: 1.6.0_25
2013-03-21 18:50:06,762 INFO [IsolatedProcess] Executing command: "C:\Users\hemants\AppData\Local\Temp\JExplorer32.2.2.10.exe" "C:\Users\hemants\AppData\Local\Temp\JExplorer32.2.2.10.dll" {2A1A578B-87AA-48BD-BAD0-2CE4A397E97A}
2013-03-21 18:50:06,948 INFO [cx] MS Internet Explorer version: 8
2013-03-21 18:50:12,509 INFO [b] XULRunner is already extracted to C:\Program Files (x86)\eviware\soapUI-4.0.0\.JxBrowser\xulrunner-windows-version-1.9.2.1\xulrunner-windows
2013-03-21 18:50:13,325 INFO [IsolatedProcess] Stopping the process
2013-03-21 18:52:57,029 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2013-03-21 18:52:57,029 ERROR [SoapUI] An error occured [Received fatal alert: handshake_failure], see error log for details
2013-03-21 18:52:57,030 ERROR [errorlog] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at com.eviware.soapui.impl.wsdl.support.http.SoapUIMultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(SoapUIMultiThreadedHttpConnectionManager.java:1921)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at com.eviware.soapui.impl.wsdl.submit.transports.http.support.methods.ExtendedGetMethod.writeRequest(ExtendedGetMethod.java:88)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:202)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Also tried with exporting certificate as described here :
http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx
But still facing the same exception.
I have tested the webservice with browser after importing the certificate ( client2.p12 ) in the browser. It is working fine. So server side configuration is correct.
Is there some configuration I am missing in soapUI or Is there problem with certificate itself ?
Thanks in Advance.
-Hemant