Forum Discussion

veerleverbr
15 years ago

Using an etoken for authentication

Hi,

First of all, I don't know much about certificates. I want to use SoapUI to make a call to a government webservice. This webservice and also the wsdl of the webservice require that you use a certificate of your own (that you need to buy) so that the code at server side (government side) knows who I am and can be sure that I am who I say that I am. So we bought ourselves this certificate and it came on an etoken. This is a piece of flash hardware that you plug into your USB drive.

When trying to open the wsdl from Internet Explorer, IE asks if it should use our certificate. If we say yes, it asks for the password and then IE loads the wsdl correctly. Without the etoken, IE doesn't want to load the wsdl.

Now I want to do the same thing in SoapUI. So in File -> Preferences -> SSL settings, it seems to be possible to specify a keystore and password. This keystore seems to be a file? But I have no idea which file I need to fill in there so that SoapUI uses the etoken in my USB drive. Same for the project properties (Project View -> Security Configurations -> Key Stores / Certificates), there you can add files that are keystores and should be used. Same problem here: which file to use?

When the drivers for the etoken were installed, it also installed some software. In this software, when the etoken is in the USB drive, you can export the certificate to a .cer file. I tried to use this file in SoapUI where you have to specify the keystore, but it doesn't work. In the project properties, when adding this .cer file, I get the error message "failed to extract any certificates or private keys - maybe bad password?". But my password is correct as it works in IE...
It seems logical to me that it doesn't work with the exported .cer file as this probably only contains the public key and not the private key (I suspect (hope) that the private key never leaves the etoken for security reasons). And for sending a webservice request, SoapUI needs to encrypt the request with the private key and send the public key along, I think. So SoapUI doesn't get the private key from the .cer file and as a consequence cannot encrypt the request.

The big question is: how to point SoapUI to the etoken for using it to encrypt our wsdl/webservice call? To be clear: the etoken is an "Aladdin eToken PRO USB Key".

Veerle

1 Reply

  • Basically I have the same problem. We use a Smart Card with a non-exportable private key on it.
    Did you or anyone find a way to connect USB or smartcard security tokens with soapUI?

    My approach until now:

    I used a Groovy script to get the Keystore from the Windows Certificate store. Whenever I want to access the specific key, there is a popup which asks me for the hardware token.
    However, I did not find a way to use this keystore object in the following REST request test step. I don't even know if this is possible by using a script.
    This is the code to get the Keystores from the Windows Keystore:

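    import java.security.KeyStore

    // "Windows-MY" is the current user's personal certificate store (SunMSCAPI provider).
    KeyStore ks = KeyStore.getInstance("Windows-MY")
    // No file and no password: the store is opened through the Windows API.
    ks.load(null, null)
    def aliases = ks.aliases()

    // Log every certificate found in the store.
    for (String alias : aliases) {
        def cert = ks.getCertificate(alias)
        log.info(cert.toString())
    }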
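
Added example, not part of the original posts and not SoapUI's own code: one way to use the `Windows-MY` keystore from the reply for TLS client authentication is to build an `SSLContext` from it and make the HTTPS call from the Groovy script itself, bypassing the request test step. The URL is a placeholder, and `log` is assumed to be the logger SoapUI provides to Groovy scripts, as in the reply's snippet.

```groovy
import java.security.KeyStore
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext

// Assumption: placeholder endpoint, replace with the service's WSDL URL.
def wsdlUrl = new URL("https://service.example.invalid/service?wsdl")

// Windows personal store (SunMSCAPI). The private key stays on the token;
// the keystore only exposes a handle to it, so no password is passed here.
KeyStore ks = KeyStore.getInstance("Windows-MY")
ks.load(null, null)

// Only entries that have a private key can be used for client authentication.
def usable = ks.aliases().toList().findAll { ks.isKeyEntry(it) }
if (usable.isEmpty()) {
    throw new IllegalStateException("No certificate with a private key in Windows-MY")
}
log.info("Client certificate candidates: " + usable)

// Key managers backed by the Windows store; JSSE selects an entry whose
// key type and issuer match the server's certificate request.
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
kmf.init(ks, null)

// Passing null trust managers keeps the JVM's default server validation.
SSLContext ctx = SSLContext.getInstance("TLS")
ctx.init(kmf.getKeyManagers(), null, null)

HttpsURLConnection conn = (HttpsURLConnection) wsdlUrl.openConnection()
conn.setSSLSocketFactory(ctx.getSocketFactory())
try {
    // The private key is used during the handshake, so the token prompt
    // described in the reply is expected at this point.
    int status = conn.getResponseCode()
    log.info("HTTP status: " + status)
    if (status == 200) {
        log.info(conn.getInputStream().getText("UTF-8").take(500))
    }
} finally {
    conn.disconnect()
}
```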