2 (two) way SSL using soapUI as client and server

security, web services

soapUI has been a wonderful tool for testing webservices. It can also generate MockServices  which can be used for testing the client if you have the WSDL contract. This is a very quick way to get up and running. You can also add WS-Security to it. There is a very good tutorial on soapUI to for using SSL as well. I wanted to extend this to use 2 way SSL. I have keytool command-line utility for generating keystore and certificates. 

On Server


keytool -genkey -alias server -keyalg RSA -validity 3650 -keystore c:\server.keystore -storepass abcd1234 -keypass abcd1234 




keytool -export -alias server -keystore c:\server.keystore -storepass abcd1234 -file c:\server.cer 




keytool -import -alias client -keystore c:\server.keystore -storepass abcd1234 -file c:\client.cer 




Settings on the server prior to generating the mock service:-


server


On Client


keytool -genkey -alias client -keyalg RSA -validity 3650 -keystore c:\client.keystore -storepass abcd1234 -keypass abcd1234 




keytool -genkey -alias client -keyalg RSA -storetype PKCS12 -keystore c:\client.p12 -storepass abcd1234 -keypass abcd1234 




keytool -export -alias client -keystore c:\client.p12 -storetype PKCS12 -storepass abcd1234 -file c:\client.cer 




keytool -import -alias server -keystore c:\client.keystore -storepass abcd1234 -file c:\server.cer




Settings on the client prior to generating the request:-


client 


Once the request is sent and the correct response is obtained after decryption :-


client after response 


Raw response on client side :-


Raw response on client side 


Raw response on server side:-


Raw response on server side 






NOTE: Generate the request and MockService AFTER saving the SSL preferences and restarting soapUI. It might not work if you do it the other way around. Also, make sure you use https as the endpoint on the client end.


If wrong password is entered in client you will get bad_certificate response and it will not decrypt the response on the client end :-


bad_certificate



		
	
			

			
				

	
	

		
			



						
						



			

			7 thoughts on “2 (two) way SSL using soapUI as client and server


		
    
					
  1. 
			
    
				

				
    
					
    Hi ejvyas,
    

    Thanks for the nice explanation on 2-way SSL setup in soapUI. 
    I tried a setup as explained in your post but always get the error that the keystore has been modified or has been tampered with. I am sure I use the correct password as I can access everything correct with keytool. 
    If I leave out the Mock Password in the preferences I get a JsseListerner NullPointerException.
    As I see you have some experience with setting it up, do you have any idea what might be the problem?
    
				
    

				
    Reply
    			
    
		
    2. 
		
  2. 
			
		
    3. 
		
  3. 
			
    
				

				
    
					
    Hi Maarten, 
    

    I am also having the same problem i too can access with keytool and correct password i am having socket exception.Please let me know how you sloved your problem
    
				
    

				
    Reply
    			
    
		
    4. 
		
  4. 
			
		
    5. 
		
  5. 
			
    
				

				
    
					
    Hi,
    

    Are you using here two different instances of the SOAPUI? one for sending request and another one for response?
    

    Regards,
    Ashish
    
				
    

				
    Reply
    			
    
		
    6. 
		
  6. 
			
    
				

				
    
					
    Hi,
    

    Whenever I try to generate response after doing the SSL settings I get error : java.netBindException: Address already in use
    

    Do you know why?
    

    Regards,
    Ashish
    
				
    

				
    Reply
    			
    
		
    7. 
		
  7. 
			
		
    8. 
		


		
		
	
		

		
Leave a reply to Vyas Cancel reply