Validate Server SSL Certificate Against Soap-UI TrustStore
Dear All, I am trying to create a Soap-UI test which does a call against a server with a verified certificate by the CA (Certificate Authority) of my client. We want to validate this against a truststore in soap-ui to validate if the server certificate is indeed the correct, signed certificate we expect. My problem is that my test always succeeds, I actually want my test to succeed when the server presents a signed certificate, but I want the test to fail if the server presents a self-signed certificate. I have tried this with both SoapUI-5.5.0 as well as ReadyAPI 2.8. I have tried starting SoapUI withSSLv3 and TLS in the vmoptions configuration file. I have ofcourse imported the truststore in SoapUI in "Show Project View" menu, and I have done step 4. from the documentation on page: https://www.soapui.org/soapui-projects/ws-security.html Which I expect links my truststore to the project. I have not changed anything in SSL in the Preferences. On the latter page we also notice that in step 1.9 in the Authentication menu the "Incoming WSS:" selection box can be found in the documentation, but it is not there in our application (Both the SoapUI and ReadyAPI). This menu is also not present after uploading the truststore and finishing step 4.
SSL Certificate verification missing
Hi Community, I've been trying to get SoapUI 5.5. (OpenSource) to verify and reject my self-signed ssl server certificate for security reasons (self-signed, not trusted), just like other clients do. Where can I switch the behavior between test and live environment? I need the verification enabled. In my case soapui just accepts the connection and does not even notify about any security issues. I have searched the database but didn't find much information. Thanks in advance.
How to change the TLS version SoapUI uses for MQTT
Hi everyone, I am currently trying to get a "Receive MQTT Message"-TestStep to work which always runs into a timeout. After checking all URLs, ports and changing vmoptions to use TLS 1.2 I still had no success. I found an issue on Github that seems to describe a possible solution for my problem: https://github.com/eclipse/paho.mqtt.java/issues/309 Here the SocketFactory that is required for the MqttClient has been created with "TLSv1". According to the issuer of that ticket changing it to "TLSv1.2" fixed his problem. I took a look into the source code for the MQTT plugin by SmartBear (https://github.com/SmartBear/ready-mqtt-plugin/blob/master/src/main/java/com/smartbear/mqttsupport/connection/ssl/SSLCertsHelper.java) and noticed that "TLSv1" seems to be hardcoded: SSLContext context = SSLContext.getInstance("TLSv1"); Does anyone know if this means that MQTT will always use TLSv1 even if I changed my vmoptions to use TLSv1.2 ? I tried recompiling this plugin after changing TLS to "TLSv1.2" in the code but just replacing it does not seem to work as all testSteps (not only MQTT) are missing afterwards. Best regards Max
SOAP Envelope can not have children other than SOAP Header and Body when calling HTTPS service
I have an HTTPS SOAP service that I'm trying to call via SoapUI. My request looks like this: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:com-softwareag-entirex-rpc:RSSA"> <soap:Header/> <soap:Body> <urn:RSSA000S/> </soap:Body> </soap:Envelope> however the response I always get back is: <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soapenv:Body> <soapenv:Fault> <soapenv:Code> <soapenv:Value>Sender</soapenv:Value> </soapenv:Code> <soapenv:Reason> <soapenv:Text xml:lang="en-US">SOAP Envelope can not have children other than SOAP Header and Body</soapenv:Text> </soapenv:Reason> <soapenv:Detail/> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> I'm not sure why this is. Even when I remove the urn:RSSA000S child, the error is the same. Advice is appreciated.
Mock Service security protocol control
In soapUI the security protocol can be controlled for client projects with an entry in the vmoptions config file E.G. -Dsoapui.https.protocols=SSLv3,TLSv1.2 However from my testing it looks like this option does not affect mock service projects.If there is currently a way tocontrol the protocol for mock service projects please let me know, if there isn't I will request it as a new feature. Thanks, Steve
SOAP/HTTPS -SSL Issue - Extension unknown: DER encoded OCTET
SOAPUI 5.2.1 (Open Source) on Windows 7 Enterprise Hi, We have a SOAP based web service runningon HTTPSon a remote server with the SSL Key signed by the internal CA. I downloaded the WSDL using the IE Browser over HTTPS and saved it into a file. Created new SOAPUI project using the WSDL file created in previous step with sample request messages created automatically. I installed client certificate as .PFX file in a local directory and updated global SSL Settings (File --> Preferences--> SSL Settings) pointing to the client.pfx file with password, also checked 'client authentication' box. Also edited SOAPUI-5.2.1.vmoptions with following parameter: -Dsun.security.ssl.allowUnsafeRenegotiation=true and edited soapui.bat with JAVA_OPTS with: -Dsoapui.https.protocols=TLSv1.2,TLSv1, SSLv3 -Dsoapui.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA When I invoke the web service I get HTTP/1.1 200 OK in response header but I do not see anything in the response window which remains blank. There is also nothing in the 'error log'. when I look into the 'SSL info(1 certs)' and inspect it I can see certificate details with one interesting entrywhich says: [2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false Extension unknown: DER encoded OCTET String = There are total 8 Certificate Extensions in the SSL Info (1 certs)tab. Need help resolve this error as we cannot make any progress. Really appreciate your help! Many Thanks! Salman