Hi,
If you mean in terms of trusting server certificates then SoapUI is overridden to trust all certificates, I don't think there is a way to toggle this.
If you need more details let me know,
Regards,
Rupert
The behavior I am seeing is different, specifically, the Open Source SoapUI is NOT trusting self signed certificates, this is apparent when trying to perform Oauth 2.0 authentication.
I encountered the same problem in the Pro Ready-API, but solved it there by changing the Internal Browser setting to trust self signed certificates.
In the Open Source Version, the SoapUI Internal Browser is not trusting the certificates and the internal browser is not able to open the authentication page.
Thanks,
CFR.
Hi CFR,
OK, no problem. My remark was regarding consuming a web service over HTTPS. In this case there is a custom SSLSocketFactory (SoapUISSLSocketFactory) that has been written to override the checkServerTrusted methods to do nothing. You can check this in the Git repository for the open source version:
// trust everyone!
X509TrustManager tm = new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
};
But this does not sound related to the browser part of the OAuth authentication functionality.
Thanks,
Rupert
Hi Rupert, regarding the custom SSLSocketFactory, does this relate to a java library somewhere which would need to be edited ? So far I have avoided getting involved with editing SoapUI java code .....
We are having a lot of trouble understanding why this is so difficult to do in the soapUI free version, up until now we have been using Postman where this can be done very easily .... it is making it difficult for me to persuade people to migrate from Postman to SoapUI.
Of course we could purchase morel licenses to the professional version, where this problem does not exist.
So far the low level of support we are receiving for the licensed testserver product is not encouraging us to buy more licenses.
Smartbear claim they support Oauth 2.0, but that is not entirely accurate.
