SOLVED:
Not a problem on the SoapUI (mock server) side but in the SOAP client (Windows) side. Instead of just importing the .cer file in Windows, it is necessary to import both the public and private keys. To do that, copy the mock.keystore file to mock.p12 file and then import it to the Windows machine running the SoapUI client.
In C#, create the SoapUI Client in this way:
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
EndpointAddress ea = new EndpointAddress(<URL address of the mock service, including the port>);
var soapClient = new port_TFEDI_typeClient(myBinding, ea);
Then set the certificate by calling soapClient.ClientCredentials.ClientCertificate.SetCertificate() with the proper parameters (they will depend on the certificate data, store location and store name in the client machine).
Have in mind that port_TFEDI_typeClient is the name of a service reference class that will depend on each project.
Finally, check the app.config file to be sure that the <client><endpoint> address matches the URL address of the mock service, including the port (as defined in the creation of the variable ea in the previous example).
---
Nope, not working for me after following your instructions two times. There's a problem in the second command, since it seems that it tries to use the same source and destination file (mock.keystore), bypassed by using a temp destination (mock.keystore.temp) and then erasing the source file and renaming the temp file to mock.keystore again.
Apart of that, everything works: keystore and truststore are generated, public certificate is generated and successfully imported into Windows Certificates Manager (dunno if that's the right name, but anyway, the windows utility for managing certs).
Then I configure SoapUI SSL settings by enabing mock SSL, setting keystore file and Mock KeyStore to the generated keystore file (mock.keystore), and the Mock TrustStore to the generated truststore (mock.truststore), always with their proper paths. I set all the passwords and finally I enable the client authentication. I've checked that it doesn't work if I set a wrong filename or wrong password, in these cases I get an error when starting the mock service. So I assume that all the settings are correct. Finally, the Mock port is set to -say- 880.
After that I restart SoapUI and I lauch the mock service, running on a different port to 880 because if I set the same ports I get an error (port already open).
My client is developed in C# with this simple code:
port_TFEDI_typeClient soapClient = new port_TFEDI_typeClient("Service_EME_Port", "https://localhost:880/Service/ServiceEME");
soapClient.ClientCredentials.ClientCertificate.SetCertificate("CN=localhost, OU=localhost, O=localhost, L=Unknown, S=Unknown, C=es", StoreLocation.LocalMachine, StoreName.TrustedPeople);
soapClient.Open();
ResponseMessageType response = soapClient.request();
Basically, it creates a new client object using https as transport and pointing to the url (https://localhost:880/Service/ServiceEME) where SoapUI Mock service is bound. Then it adds the client certificate (I see in the debug that the real certificate is properly retrieved) and then opens the client and makes a client request.
The request fails, I get an error "javax.net.ssl.SSLHandshakeException: null cert chain" in the SoapUI jetty log and then an "Unable to set a secure channel with localhost:880" in the client side.
I've checked that the same code works if I configure SoapUI to not performing a client authentication and I've checked that it is not a negotiation problem (if I only enable SSL3 in the client side, I get an error in SoapUI telling that it cannot negotiate with a SSL3 client), apart of -as said- being sure that the keystores, truststores and passwords are correct in SoapUI config (by setting wrong values and getting a proper error).
At this point, I don't know what else to test.
