2 (two) way SSL using soapUI as client and server

soapUI has been a wonderful tool for testing webservices. It can also generate MockServices  which can be used for testing the client if you have the WSDL contract. This is a very quick way to get up and running. You can also add WS-Security to it. There is a very good tutorial on soapUI to for using SSL as well. I wanted to extend this to use 2 way SSL. I have keytool command-line utility for generating keystore and certificates.

On Server
keytool -genkey -alias server -keyalg RSA -validity 3650 -keystore c:\server.keystore -storepass abcd1234 -keypass abcd1234 

keytool -export -alias server -keystore c:\server.keystore -storepass abcd1234 -file c:\server.cer 

keytool -import -alias client -keystore c:\server.keystore -storepass abcd1234 -file c:\client.cer 

Settings on the server prior to generating the mock service:-


On Client
keytool -genkey -alias client -keyalg RSA -validity 3650 -keystore c:\client.keystore -storepass abcd1234 -keypass abcd1234 

keytool -genkey -alias client -keyalg RSA -storetype PKCS12 -keystore c:\client.p12 -storepass abcd1234 -keypass abcd1234 

keytool -export -alias client -keystore c:\client.p12 -storetype PKCS12 -storepass abcd1234 -file c:\client.cer 

keytool -import -alias server -keystore c:\client.keystore -storepass abcd1234 -file c:\server.cer

Settings on the client prior to generating the request:-


Once the request is sent and the correct response is obtained after decryption :-

client after response

Raw response on client side :-

Raw response on client side

Raw response on server side:-

Raw response on server side

NOTE: Generate the request and MockService AFTER saving the SSL preferences and restarting soapUI. It might not work if you do it the other way around. Also, make sure you use https as the endpoint on the client end.

If wrong password is entered in client you will get bad_certificate response and it will not decrypt the response on the client end :-



7 thoughts on “2 (two) way SSL using soapUI as client and server

  1. Hi ejvyas,

    Thanks for the nice explanation on 2-way SSL setup in soapUI.
    I tried a setup as explained in your post but always get the error that the keystore has been modified or has been tampered with. I am sure I use the correct password as I can access everything correct with keytool.
    If I leave out the Mock Password in the preferences I get a JsseListerner NullPointerException.
    As I see you have some experience with setting it up, do you have any idea what might be the problem?

  2. Hi Maarten,

    I am also having the same problem i too can access with keytool and correct password i am having socket exception.Please let me know how you sloved your problem

  3. Hi,

    Whenever I try to generate response after doing the SSL settings I get error : java.netBindException: Address already in use

    Do you know why?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s