SoapUI is one of the best free tools around to test web services. Some time ago I was trying to send a soap message towards a SSL web service that was set up for client certificate authentication. I pretty soon got stuck at the “javax.net.ssl.SSLException: HelloRequest followed by an unexpected handshake message” error, but after reading several posts on the internet I solved that issue. It’s not really that complicated after all, but since I could not find a decent place on the internet that explains this scenario in a proper way, here’s a list of steps that you need to do to make it work.
Note: the following steps are based on a Windows environment
Step one:
Export your certificate (the one that you want to use as the client certificate) using the export wizard with the private key and with all certificates in the certification path:
Picture_(Device_Independent_Bitmap)_1_1_thumb.jpg "Picture_(Device_Independent_Bitmap)_1")_1_2.jpg)
Picture_(Device_Independent_Bitmap)_2_2_thumb.jpg "Picture_(Device_Independent_Bitmap)_2")_2_2.jpg)
Give it a password (anything you want):
Picture_(Device_Independent_Bitmap)_3_3_thumb.jpg "Picture_(Device_Independent_Bitmap)_3")_3_2.jpg)
And export it as a PFX file to a location somewhere on disk:
Picture_(Device_Independent_Bitmap)_4_4_thumb_1.jpg "Picture_(Device_Independent_Bitmap)_4")_4_4.jpg)
Step two:
Install the newest version of SOAP UI (currently it is 3.6.1)
Open the file C:\Program Files\eviware\soapUI-3.6.1\bin\ soapUI-3.6.1.vmoptions and add this line at the bottom:
-Dsun.security.ssl.allowUnsafeRenegotiation=true
Picture_(Device_Independent_Bitmap)_5_5_thumb.jpg "Picture_(Device_Independent_Bitmap)_5")_5_2.jpg)
This is needed because of a JAVA security feature in their newest frameworks (For further reading about this issue, read this: http://www.soapui.org/forum/viewtopic.php?t=4089 and this: http://java.sun.com/javase/javaseforbusiness/docs/TLSReadme.html).
Open SOAPUI and go to preferences>SSL Settings and configure your certificate in the keystore (use the same password as in step one):
Picture_(Device_Independent_Bitmap)_6_6_thumb.jpg "Picture_(Device_Independent_Bitmap)_6")_6_2.jpg)
That should be it. Just create a new project and import the WSDL from the client authenticated SSL webservice:
Picture_(Device_Independent_Bitmap)_7_7_thumb.jpg "Picture_(Device_Independent_Bitmap)_7")_7_2.jpg)
And now you should be able to send soap messages with client certificate authentication.
The above steps worked for me, but please drop a note if it does not work for you.
