Eviware Forum

I have been searching the forums on how to get SSL client certs to work with soapUI. I have specified the keystore and password but it does not look like soapUI is presenting the client certificate during SSL negotiations.

Is this a supported feature? If it is, can you specify the steps to follow to get this feature working?

Thanks,
--Daniel

Hi Daniel,

this is how it is supposed to work.. which soapUI version are you using?

You can also try your certificate by specifying it directly in the keystore setting (ie specify the certificate file instead of the keystore)..

Please try 1.7.5 beta2 which has updated SSL support.. also please note if you are getting any errors in the log when specifying the certificate..

regards!

/Ole
eviware.com

Hi Ole,

I am using soapui v 1.7.

I noticed that when I display the contents of my keystore file,
it shows mykey as a trustedCertEntry - I had read somewhere
that mykey needs to be a keyEntry and gave a command using
openssl on how to convert the crt cert file into a .cer or .der that
soapui will use.

Any more info on this?

thanks,
--Daniel


C:\MNG\certificates>keytool -list
Enter keystore password:  fidelity

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

mykey, Jul 23, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 8A:FA:C1:0D:D0:D2:6E:11:DB:91:0B:4C:8C:BD:44:91[/color]

Hi Daniel,

thanks for your feedback.. Would it be possible for you to try this with the beta2 version of soapUI 1.7.5 which has an updated ssl-library for reading and negotiating keys.. (and we could continue our error-search from there if it doesn't work)..  let me know!

kind regards,

/Ole
eviware.com

Hi Ole,

I have installed soapUI 1.7.5 Pro beta and the same issue occurs.
I had listed the contents of the .keystore file in the prior posting.

It seems soapUI has a problem reading the keystore with the error:

2007-07-23 17:06:09,955 INFO  [HttpClientSupport$Helper] Updating keyStore..
2007-07-23 17:06:09,971 ERROR [HttpClientSupport$Helper] Failed to load KeyMaterial [C:\Documents and Settings\A416304\.keystore] org.apache.commons.ssl.ProbablyBadPasswordException: Probably bad JKS password: java.io.IOException: Keystore was tampered with, or password was incorrect
2007-07-23 17:06:09,971 INFO  [HttpClientSupport$Helper] Updating keyStore..
2007-07-23 17:06:09,971 ERROR [HttpClientSupport$Helper] Failed to load KeyMaterial [C:\Documents and Settings\A416304\.keystore] java.security.KeyStoreException: No private keys found in keystore!

Hi Daniel,

thanks.. we'll look into this and I'll get back to you..

one question: can you mail me the keystore for debugging? (ole@eviware.com) .. of course it's perfectly understandable if you cant :-)

regards!

/Ole
eviware.com

Hi Daniel ,

I am also facing the same issue ,whenever i import the keystore soap ui says no private key found.

Just wondering if u happen to have a solution for this .

Hey Ole,

Can u pls let me know if there is any way out .

thanks

Hi!

you need to import both the certificate and the private key into your keystore, which isn't as easy as it sounds ;-) Fortunately, there is help at hand at http://www.agentbob.info/agentbob/79.html (credit to Daniel who found this link..)

Hope this helps!

regards,

/Ole
eviware.com