SoapUI is one of the best free tools around to test web services. Some time ago I was trying to send a soap message towards a SSL web service that was set up for client certificate authentication. I pretty soon got stuck at the “javax.net.ssl.SSLException: HelloRequest followed by an unexpected handshake message” error, but after reading several posts on the internet I solved that issue. It’s not really that complicated after all, but since I could not find a decent place on the internet that explains this scenario in a proper way, here’s a list of steps that you need to do to make it work.
Note: this following steps are based on a Windows environment
Step one:
Export your certificate (the one that you want to use as the client certificate) using the export wizard with the private key and with all certificates in the certification path:
Give it a password (anything you want):
And export it as a PFX file to a location somewhere on disk:
Step two:
Install the newest version of SOAP UI (currently it is 3.6.1)
Open the file C:\Program Files\eviware\soapUI-3.6.1\bin\ soapUI-3.6.1.vmoptions and add this line at the bottom:
-Dsun.security.ssl.allowUnsafeRenegotiation=true
This is needed because of a JAVA security feature in their newest frameworks (For further reading about this issue, read this: http://www.soapui.org/forum/viewtopic.php?t=4089 and this: http://java.sun.com/javase/javaseforbusiness/docs/TLSReadme.html).
Open SOAPUI and go to preferences>SSL Settings and configure your certificate in the keystore (use the same password as in step one):
That should be it. Just create a new project and import the WSDL from the client authenticated SSL webservice:
And now you should be able to send soap messages with client certificate authentication.
The above steps worked for me, but please drop a note if it does not work for you.