Forum Discussion

Tom_Arn's avatar
Tom_Arn
Contributor
11 years ago

soapUI 4.6.4 not sending client certificate

I use a 3rd party https webservice that requires client authentication with a certificate.

With soapUI 3.6.1 this works fine, with soapUI 4.6.4 it does not work because soapUI 4.6.4 does not send the client certificate during the handshake. The certificate is defined the same way for both versions (in Preferences -> SSL Settings)

How does soapui know which client certificate from the keystore it should choose??
Is this somehow based on the presented server certificate (in 4.6.4) ?
If yes, then I have problem because the client certificate I need to use is not derived from the certificate chain of the server certificate. Instead, I made a self-signed certificate and the admins put my public certificate into their webservice for verification.

So, I would need to have a way to define which certificate of the keystore should be used when communicating with the webservice.
Or, is there a way to force soapUI 4.6.4 to send the client certificate (there is only 1 in the keystore) ?

Thanks in advance
Tom
  • esctho1's avatar
    esctho1
    New Contributor
    I have the same problem:
    - use a 3rd party https web service that requires client authentication with a certificate
    - configure the keystore in Preferences -> SSL Settings
    - it works fine with SoapUI 4.0.0
    - it does not work with SoapUI 4.6.4

    It does not work means: the web service complains about missing client certificate.
    By the way: I go via a proxy server. It is configured manually in the Proxy Settings.

    If I compare the "SSL Info" of the response, then I see in SoapUI 4.0.0 local and peer certificates but in SoapUI 4.6.4 I see peer certificates only.

    Do you have any idea?
    Thanks in advance.
    Thomas.
  • The problem is still unsolved.
    No comment on this problem from the SmartBear guys?

    Is there anyone who has successfully used soapUI 4.6.4 with client certificate authentication?
    Will updating to soapUI 5.x solve the problem?

    Thanks
    Tom
  • esctho1's avatar
    esctho1
    New Contributor
    Unfortunately the problem is NOT solved with 5.0.0! >:( (Also the "angry smiley" is not working ...)

    Is there anybody from the support who takes care about it?

    Thomas.
  • Hi,

    We are also experiencing this issue with SoapUI 5.0 when connecting to an endpoint that requires a client certificate. The issue occurs when we attempt to connect via a NTLM authenticated proxy server. If we bypass the proxy server, the request works as expected.

    On the server side, we can see that a client certificate is presented as expected when the connection bypasses the proxy. When the connection is set to use the proxy, a client certificate is NOT presented. We can connect to the same endpoint from browsers etc (by importing the neccessary client certificate) via the proxy, so this problem is specific to SoapUI.

    This is a significant problem for us because all of the outbound traffic in our organisation will be forced through a proxy in the near future.

    Any news of a resolution or workaround?
  • Many thanks to dmaddox! Your post help me to work around my soapui problem.

    I can confirm that also with soapUI 4.6.4 this client certification problem only occurs when the proxy is active.
    When I do not have the proxy defined the certificate is sent and the requests work ok.

    Our proxy does not use any authentication, so the problem is not only with NTML authenticated proxies.

    @SmartBear: I hope these two posts help you fix the problem soon

    Tom
  • Hi,

    I've managed to fix this issue for version 5.0.0. Unfortunately the fix needs a code change, so I can't provide a workaround. Line 273 of class com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory needs to be changed form
    "SSLSocket sslSocket = ( SSLSocket )getSocketFactory().createSocket( socket, host, port, autoClose );"
    to
    "SSLSocket sslSocket = ( SSLSocket )sslContext.getSocketFactory().createSocket( socket, host, port, autoClose );"

    That's it.

    For those who want to test with this change I've provided the class (and inner class) as attachment. Remove the .txt extension and replace the file in bin\soapui-5.0.0.jar and you're good to go.

    Cheers!
    Mark
  • Hi,

    I've managed to fix this issue for version 5.0.0. Unfortunately the fix needs a code change, so I can't provide a workaround. Line 273 of class com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory needs to be changed form
    "SSLSocket sslSocket = ( SSLSocket )getSocketFactory().createSocket( socket, host, port, autoClose );"
    to
    "SSLSocket sslSocket = ( SSLSocket )sslContext.getSocketFactory().createSocket( socket, host, port, autoClose );"

    That's it.

    I tried to upload the changed class as attachment but that failed, so you have to rebuild soapui yourself.

    Cheers!
    Mark
  • Thanks for the patch. It works as expected and fixes the problem.
    • ruiper's avatar
      ruiper
      Frequent Visitor

      Anyone know if this has been fixed in version 5.4? I run SOAPUI on Windows and am loth to try and hack the code myself.

       

      Anyone know if it works in the commercial version maybe?