Friday, June 17, 2011

Using Client Certificate with SoapUI

After hunting around on this process a bit myself I've ironed out the details so you don't have to. 

Important notes for importing your certificate:
Double click the client certificate
Click Next on the Import Wizard
Click Next on the file import screen
Type your private key password
Check the "Mark this key as exportable. This will allow you to back up or transport your keys at a later time." checkbox.
Click Next
Click Include all extended properties
Click Next
Click Next to Automatically select the certificate store
Click Finish
Click OK on the Import confirmation dialog

Next export your client certificate so it can be used by SoapUI

Export your client Certificate
Click Start
Type MMC and press enter
Click File and select add/remove snap-in
Select certificates from the Available snap-ins column
Click Add
Select My User Account
Click Finish
Click OK on the Add or Remove Snap-ins window
Expand Certificates - Current User
Expand Personal
Click Certificates
Select the desired certificate
Right Click the certificate and select All Tasks
Click Export
Click Next on the Welcome screen
Click Yes, Export the private key
Click Next
Click Personal Information Exchange - PKCS #12 
Check Include all certificates in the certification path if possible.
Check Delete the private key if the export is successful
Click Next
Enter the cert password
Enter the cert password (password confirmation)
Click next
Select a name and location for the cert to be saved
Click save
Click Next
Click Finish
Click ok on the Confirmation dialog
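
Before pointing SoapUI at the exported file, it helps to confirm that it really contains the private key and a certificate usable for client authentication. The PowerShell below is an added example, not part of the original post; the function name `Test-ClientPfx` and the file path are placeholders.

```powershell
# Added example, not from the original post. Function name and file path are placeholders.
function Test-ClientPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet

    # Load every certificate in the file without adding anything to a certificate store.
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certs.Import((Resolve-Path -LiteralPath $Path).ProviderPath, $plain, $flags)

    $report = foreach ($cert in $certs) {
        $eku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        # No EKU extension means the certificate is not restricted to specific purposes.
        $clientAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $clientAuthOid)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
            Expired       = $cert.NotAfter -lt (Get-Date)
            ClientAuthOk  = $clientAuth
        }
    }

    # The client certificate must carry its private key, be unexpired, and allow client auth.
    $usable = @($report | Where-Object { $_.HasPrivateKey -and -not $_.Expired -and $_.ClientAuthOk })
    if ($usable.Count -eq 0) {
        Write-Warning 'No unexpired certificate with a private key and client-authentication usage was found.'
    }
    $report
}

# Placeholder path; the password is the one entered in the export wizard.
Test-ClientPfx -Path 'C:\path\to\client-cert.pfx' -Password (Read-Host 'PFX password' -AsSecureString) |
    Format-Table -AutoSize
```

Exactly one row should show `HasPrivateKey` as True; any other rows are the chain certificates included by the "Include all certificates in the certification path" option.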

Next set your SoapUI Configuration file
Open "C:\Program Files\eviware\soapUI-3.6.1\bin\soapUI-3.6.1.vmoptions" in a text editor
Add the following line to the end of the file
'-Dsun.security.ssl.allowUnsafeRenegotiation=true'
Save the file

Open SoapUI
Expand the File Menu
Select Preferences
Click SSL Settings
Set the following settings:
keystore: path to your certificate
password: self explanatory
Check the 'Require client authentication' box
Click OK

That's all there is to it! Create a new project with your webservice and test away!

4 comments:

  1. Hi. Thanks for the article. I can't seem to get TLS SSL working for me. I'm on mac. I imported a PEM cert to the project and the status is OK. I don't know where to put the "-Dsun.security.ssl.allowUnsafeRenegotiation=true" on mac, though I'm not getting the "javax.net.ssl.SSLException: HelloRequest followed by an unexpected handshake message" everyone seems to be getting. I'm not even sure the request is even using the cert, is there no setting on the request that one has to activate to enforce SSL?

  2. chlab, you will need to edit the bin\soapUI-3.6.1.vmoptions file in a text editor. The name may differ depending on the version of soapui you are running. Add '-Dsun.security.ssl.allowUnsafeRenegotiation=true' to the file and save it. Next follow the final steps for adding the path to the cert in the keystore and credentials.
    Please let me know if this helps :-)

  3. I am not able to select "Personal Information Exchange" from export wizard.
