Wrong Key Usage error on WS-Security Encryption of outgoing SOAP request
I'm getting "java.security.InvalidKeyException: Wrong key usage" when attempting to encrypt an outgoing request. This only happens when using a CA-Issued cert. It doesn't happen for self-signed. I can see that the certifcate has both DigitalSignature and Key_Encipherment as allowable. The next cert up the chain (the CA cert) does not have any Key Usage specified.
This is happening with SOAPUI 5.2.1 with the bundled JRE and also with my own JRE 1.8.
I've seen this other thread where the OP had this same problem, but the two suggestions made there: 1) upgrade JRE; and 2) a work-around related to SSL don't seem to apply in my situation.
org.apache.ws.security.WSSecurityException: Cannot encrypt data
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:216)
at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:223)
at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:264)
at com.eviware.soapui.impl.wsdl.support.wss.entries.EncryptionEntry.process(EncryptionEntry.java:284)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:175)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:59)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:39)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:33)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:172)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Wrong key usage
at javax.crypto.Cipher.init(Cipher.java:1712)
at javax.crypto.Cipher.init(Cipher.java:1618)
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:214)