Forum Discussion

lreichen's avatar
lreichen
New Contributor
12 years ago

Help with Certificate

Thanks in advance for any help anyone can give. I have created a WCF service and have been testing it with SOAPUI for some time now. I recently added SSL security without a hitch. As required by ...
lreichen's avatar
lreichen
New Contributor
12 years ago
It took quite some time but I was able to figure out how to use both the SSL and CA certificate in SOAP.


    - Configure SoapUI for SSL in these ways:

    1. Preferences

      • Select File --> Preferences --> SSL Settings tab
      • Next to Keystore, click Browse… and locate your SSL certificate

      • Enter in the Keystore Password

      • Verify Client Authentication checkbox is selected.

      • Click OK


    2. Project

      • Right click your project and select Show Project View

      • Select the WS-Security Configurations tab

      • Select the Keystore tab

      • Click the Add button to attach a new Keystore to your project.

      • Locate your exported SSL certificate file and click Open

      • Type in a password and verify the status now says OK.

    3. Request

      • Select your request and find the Project Properties tab at the bottom of the window.

      • Locate the SSL Keystore value and click the textarea to show the dropdown.

      • Select the Keystore you just added to the project.



        4. CA Certificate Configuration

        - Configure SoapUI for CA Client Certificate

        1. Add the Keystore for the CA certificate

          • Right click your project and select Show Project View
          • Select the WS-Security Configurations tab

          • Select the Keystore tab

          • Click the Add button to attach a new Keystore to your project.

          • Locate your exported CA certificate file and click Open

        2. Setup the outgoing message to use the certificate

          • Select the Outgoing WS-Security Configurations tab

          • Click the add button to create a new configuration

          • Type in a name for your outgoing message setup (i.e. Outgoing)

          • In the rightmost field check the box labeled Must Understand

          • Add a new WSS Entry by clicking the add button

          • Select Signature from the dropdown

          • Select your CA Certificate file from the Keystore dropdown

          • Select the Alias from the drop down

          • Enter the password

          • Signature Algorithm will be http://www.w3.org/2000/09/xmldsig#rsa-sha1 (yours may differ)

          • Signature Canonicalization should be http://www.w3.org/2001/10/xml-exc-c14n# (yours may differ)

          • Digest Algorithm will be http://www.w3.org/2000/09/xmldsig#sha1 (yours may differ)

          • Select the Use Single Certificate Checkbox

          • For Parts click the add button and enter the following information

        3. Add another new WSS Entry by clicking the add button

          • Select Timestamp from the dropdown

          • Change the Time To Live to 100000

          • Click the X to close the Project View

        4. Configure the request to use the new WS Configurations

          • Double click your request to open the Request View

          • On the bottom left click the Auth button

          • From the Authorization dropdown select Add New Authorization…

          • Select Basic

          • From the Outgoing WSS dropdown select the name of the WS Configuration just created

          • Click the WS-A button

          • Select both Add default wsa:Action and Add default wsa:To checkboxes


          5. You should now be able to run your request.

          Hope that helps someone out!

          Louis