Forum Discussion

opontes_udzs's avatar
opontes_udzs
New Contributor
12 months ago

Security configuration for SOAP project using two way SSL with client certificate for auth

Hello Community,

 

I am struggling with configuration of my SOAP project to use client certificate in two way SSL encryption tunnel. I tryied both these guides:
https://www.soapui.org/docs/soapui-projects/ws-security/

https://www.soapui.org/docs/security-testing/ws-security-settings/  

But unfortunatelly I cannot connect to the server.

 

When I use CURL with cert and key it is working like a charm:

curl --request GET --url https://XXXX/service1\?WSDL --cert cert.pem --key key.pem

OR

curl --request POST --url https://XXXX/service1 --cert cert.pem --key key.pem --header 'Content-Type: text/xml' --verbose -d @request.xml

 

However when I create JKS trustore with both of them and I add it to SoapUI, according those guides, I am getting unauthorized response all the time. 

 

I tried it on Windows10 and Ubuntu22.04 with SoapUI 5.7.1

 

Could you please give me nudge or hint how should I configure the SoapUI project to authenticate using 2 way SSL?

Thank you.

  • geckels1's avatar
    geckels1
    New Contributor

    I am having the exact same problem and have followed the exact same steps except I used Python Zeep instead of curl where it worked. I also have a .pfx file and while I was able to successfully add that to the keystore, I could never successfully make the connection as I have a feeling the service wants a separate .crt and .key file.

    • geckels1's avatar
      geckels1
      New Contributor

      So I was able to finally connect. I don't know if this applies to you, but after adding the certificate to the KeyStore, I added the certificate to the `SSL Keystore` property as indicated in the screenshot where I have the cert blacked out and it worked.

      • opontes_udzs's avatar
        opontes_udzs
        New Contributor

        This approach doesn't work for me. Maybe there is a problem with multiple aliases in jks or those aliases are encrypted or something else. But I don't even know how to debug it.