ThomasSoap
Frequent Visitor
6 years ago

Validate Server SSL Certificate Against Soap-UI TrustStore

Dear All,

I am trying to create a Soap-UI test which does a call against a server with a verified certificate by the CA (Certificate Authority) of my client.

We want to validate this against a truststore in soap-ui to validate if the server certificate is indeed the correct, signed certificate we expect.

My problem is that my test always succeeds. I actually want my test to succeed when the server presents a signed certificate, but I want the test to fail if the server presents a self-signed certificate.

I have tried this with both SoapUI-5.5.0 as well as ReadyAPI 2.8.

I have tried starting SoapUI with SSLv3 and TLS in the vmoptions configuration file. I have of course imported the truststore in SoapUI in the "Show Project View" menu, and I have done step 4 from the documentation on page:

https://www.soapui.org/soapui-projects/ws-security.html

Which I expect links my truststore to the project.

I have not changed anything in SSL in the Preferences.

On the latter page we also notice that in step 1.9 in the Authentication menu the "Incoming WSS:" selection box can be found in the documentation, but it is not there in our application (both the SoapUI and ReadyAPI). This menu is also not present after uploading the truststore and finishing step 4.

  • I have used this Script Assertion to verify SSL; it verifies that the certificate has >10 days. Hope this helps.

    import java.security.cert.Certificate
    import java.security.cert.X509Certificate
    import javax.net.ssl.HttpsURLConnection
    import java.net.URL
    import java.time.LocalDate
    import java.time.ZoneId
    import java.time.temporal.ChronoUnit
    
    try {
        // Dynamically get the endpoint URL from the current TestRequest
        def endpointUrl = messageExchange.modelItem.endpoint // Gets the endpoint URL of the current request
    
        // Check if the endpoint URL is a dynamic property expression
        if (endpointUrl.contains('${')) {
            // Expand the property expression to get the actual URL
            endpointUrl = context.expand(endpointUrl)
        }
    
        log.info("Verify SSL of current URL:" + endpointUrl)
    
        // Check if the expanded endpoint URL is not empty
        if (!endpointUrl) {
            log.error("Expanded endpoint URL is empty or not defined. Please provide a valid URL.")
            return false
        }
    
        // Check if the URL starts with the correct protocol (e.g., "https://")
        if (!endpointUrl.startsWith("https://")) {
            log.error("Invalid URL format. The URL must start with 'https://'. Provided URL: ${endpointUrl}")
            return false
        }
    
        // Open connection to the endpoint
        def url = new URL(endpointUrl)
        def connection = url.openConnection() as HttpsURLConnection
        connection.connect()
    
        // Retrieve the server certificates
        Certificate[] certs = connection.getServerCertificates()
        X509Certificate x509Cert = certs[0] as X509Certificate
    
        // Get the expiration date of the certificate
        Date expiryDate = x509Cert.getNotAfter()
        LocalDate expiryLocalDate = expiryDate.toInstant().atZone(ZoneId.systemDefault()).toLocalDate()
        LocalDate currentDate = LocalDate.now()
    
        // Calculate the days remaining until the certificate expires
        long daysUntilExpiry = ChronoUnit.DAYS.between(currentDate, expiryLocalDate)
    
        // Check if the certificate expires in more than 10 days
        if (daysUntilExpiry > 10) {
            log.info("The certificate expires in $daysUntilExpiry days, which is more than 10 days.")
            return true
        } else {
            log.error("The certificate expires in $daysUntilExpiry days, which is less than or equal to 10 days.")
            return false
        }
    
    } catch (MalformedURLException e) {
        log.error("Malformed URL: ${e.message}")
        return false
    } catch (Exception e) {
        // Handle any other errors that occur during the execution
        log.error("An error occurred while verifying the certificate: ${e.message}")
        return false
    }
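
An added example (not from either poster and not SoapUI's own code): a Script Assertion that fails unless the server's certificate chain validates against one specific truststore, which is the check the original question asks for. The project property names `truststorePath` and `truststorePassword` and the JKS store type are assumptions; `context`, `messageExchange` and `log` are the variables SoapUI passes to a Script Assertion.

```groovy
import java.security.KeyStore
import java.security.cert.X509Certificate
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLHandshakeException
import javax.net.ssl.TrustManagerFactory

// Assumed project properties (hypothetical names): path and password of a JKS
// truststore holding only the CA certificate(s) the server must chain to.
def storePath = context.expand('${#Project#truststorePath}')
def storePass = context.expand('${#Project#truststorePassword}')
def endpoint  = context.expand(messageExchange.modelItem.endpoint)
assert endpoint.startsWith('https://') : "Endpoint is not HTTPS: ${endpoint}"

// Load the truststore and derive trust managers from it alone, so the JVM's
// default cacerts file plays no part in the decision.
def trustStore = KeyStore.getInstance('JKS')
new File(storePath).withInputStream { trustStore.load(it, storePass.toCharArray()) }
assert trustStore.size() > 0 : "Truststore ${storePath} contains no entries"

def tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(trustStore)
def sslContext = SSLContext.getInstance('TLS')
sslContext.init(null, tmf.getTrustManagers(), null)

def connection = new URL(endpoint).openConnection() as HttpsURLConnection
connection.setSSLSocketFactory(sslContext.getSocketFactory())
connection.setConnectTimeout(10000)
connection.setReadTimeout(10000)
try {
    // The handshake performs chain building, signature, validity-period and
    // hostname checks; a self-signed certificate that is not itself in the
    // truststore fails here with a PKIX path-building error.
    connection.connect()
    def leaf = connection.getServerCertificates()[0] as X509Certificate
    log.info("Trusted chain for ${leaf.subjectX500Principal.name}, " +
             "issued by ${leaf.issuerX500Principal.name}")
} catch (SSLHandshakeException e) {
    // An exception leaving the script fails the assertion.
    throw new AssertionError("Server certificate not trusted by ${storePath}: ${e.message}")
} finally {
    connection.disconnect()
}
```

The check is only as strict as the truststore: if the self-signed certificate itself has been imported into it, the handshake succeeds.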