How to configure SoapUI with client certificate authentication

How to configure SoapUI with client certificate authentication

(A document from Gerard van der Maaden)

SoapUI is one of the best free tools around to test web services. Some time ago I was trying to send a soap message towards a SSL web service that was set up for client certificate authentication. I pretty soon got stuck at the “javax.net.ssl.SSLException: HelloRequest followed by an unexpected handshake message” error, but after reading several posts on the internet I solved that issue. It’s not really that complicated after all, but since I could not find a decent place on the internet that explains this scenario in a proper way, here’s a list of steps that you need to do to make it work.

Note: this following steps are based on a Windows environment

Step one:

Export your certificate (the one that you want to use as the client certificate) using the export wizard with the private key and with all certificates in the certification path:

Give it a password (anything you want):

And export it as a PFX file to a location somewhere on disk:

Step two:

Install the newest version of SOAP UI (currently it is 3.6.1)

Open the file C:\Program Files\eviware\soapUI-3.6.1\bin\ soapUI-3.6.1.vmoptions and add this line at the bottom:

-Dsun.security.ssl.allowUnsafeRenegotiation=true

This is needed because of a JAVA security feature in their newest frameworks (For further reading about this issue, read this: http://www.soapui.org/forum/viewtopic.php?t=4089 and this: http://java.sun.com/javase/javaseforbusiness/docs/TLSReadme.html).

Open SOAPUI and go to preferences>SSL Settings and configure your certificate in the keystore (use the same password as in step one):

That should be it. Just create a new project and import the WSDL from the client authenticated SSL webservice:

And now you should be able to send soap messages with client certificate authentication.

The above steps worked for me, but please drop a note if it does not work for you.