Forum Discussion

ThomasSoap's avatar
ThomasSoap
Frequent Visitor
6 years ago

Validate Server SSL Certificate Against Soap-UI TrustStore

Dear All,

 

I am trying to create a Soap-UI test which does a call against a server with a verified certificate by the CA (Certificate Authority) of my client.

We want to validate this against a truststore in soap-ui to validate if the server certificate is indeed the correct, signed 
certificate we expect.

My problem is that my test always succeeds, I actually want my test to succeed when the server presents a

signed certificate, but I want the test to fail if the server presents a self-signed certificate.

 

I have tried this with both SoapUI-5.5.0 as well as ReadyAPI 2.8.

I have tried starting SoapUI with SSLv3 and TLS in the vmoptions configuration file. 
I have ofcourse imported the truststore in SoapUI in "Show Project View" menu, and I have
done step 4. from the documentation on page:

https://www.soapui.org/soapui-projects/ws-security.html

Which I expect links my truststore to the project.

I have not changed anything in SSL in the Preferences.

 

On the latter page we also notice that in step 1.9 in the Authentication menu

the "Incoming WSS:" selection box can be found in the documentation, but

it is not there in our application (Both the SoapUI and ReadyAPI).
This menu is also not present after uploading the truststore and finishing step 4.

 

certificate
REST
SSL
truststore
validate
  • NirBY's avatar
    NirBY
    New Member
    14 days ago

    I have used this Script Assertion for verify SSL, it verify certificate has >10 days. hope this help..

    import java.security.cert.Certificate
import java.security.cert.X509Certificate
import javax.net.ssl.HttpsURLConnection
import java.net.URL
import java.time.LocalDate
import java.time.ZoneId
import java.time.temporal.ChronoUnit

try {
    // Dynamically get the endpoint URL from the current TestRequest
    def endpointUrl = messageExchange.modelItem.endpoint // Gets the endpoint URL of the current request

    // Check if the endpoint URL is a dynamic property expression
    if (endpointUrl.contains('${')) {
        // Expand the property expression to get the actual URL
        endpointUrl = context.expand(endpointUrl)
    }

    log.info("Verify SSL of current URL:" + endpointUrl)

    // Check if the expanded endpoint URL is not empty
    if (!endpointUrl) {
        log.error("Expanded endpoint URL is empty or not defined. Please provide a valid URL.")
        return false
    }

    // Check if the URL starts with the correct protocol (e.g., "https://")
    if (!endpointUrl.startsWith("https://")) {
        log.error("Invalid URL format. The URL must start with 'https://'. Provided URL: ${endpointUrl}")
        return false
    }

    // Open connection to the endpoint
    def url = new URL(endpointUrl)
    def connection = url.openConnection() as HttpsURLConnection
    connection.connect()

    // Retrieve the server certificates
    Certificate[] certs = connection.getServerCertificates()
    X509Certificate x509Cert = certs[0] as X509Certificate

    // Get the expiration date of the certificate
    Date expiryDate = x509Cert.getNotAfter()
    LocalDate expiryLocalDate = expiryDate.toInstant().atZone(ZoneId.systemDefault()).toLocalDate()
    LocalDate currentDate = LocalDate.now()

    // Calculate the days remaining until the certificate expires
    long daysUntilExpiry = ChronoUnit.DAYS.between(currentDate, expiryLocalDate)

    // Check if the certificate expires in more than 10 days
    if (daysUntilExpiry > 10) {
        log.info("The certificate expires in $daysUntilExpiry days, which is more than 10 days.")
        return true
    } else {
        log.error("The certificate expires in $daysUntilExpiry days, which is less than or equal to 10 days.")
        return false
    }

} catch (MalformedURLException e) {
    log.error("Malformed URL: ${e.message}")
    return false
} catch (Exception e) {
    // Handle any other errors that occur during the execution
    log.error("An error occurred while verifying the certificate: ${e.message}")
    return false
}