2

I want to run some tests against an internal (with an internally minted cert) web service using SoapUI. I am not sure I fully grasp the SSL handshake stuff. But I exported the cert for the endpoint to a .cer file, then fired up java keytool with this command:

keytool -import -alias ca -file myservice.cer -keystore cacerts –storepass changeit

Which I got from another SO question. Then I added this truststore file (cacerts) to the project properties in SoapUI. But when I try to add a WSDL to the project, I still get the same error as before:

Error loading [https://myservice?wsdl]: org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Am I completely off base? Do I add all the certs in the chain to the truststore? I wasn't able to do that, it told me that the alias was already in use? Or should I just get a cert minted from an outside trusted authority?

Community
  • 1
  • 1
Don Zacharias
  • 1,544
  • 2
  • 14
  • 31
  • 1
    Check out this [answer](http://stackoverflow.com/a/12146838/1788964) to a [SO question](http://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find) about the error you are getting. The OP there was using a self signed certificate. – Abhishek Asthana Feb 28 '14 at 14:06
  • Thanks! Still not working though. I tried adding the 3 certs in the chain to the existing keystore, and also to a newly created keystore, and referencing that keystore in my SoapUI project, but still getting the same error when trying to add the WSDL. – Don Zacharias Feb 28 '14 at 22:07
  • I got this to work by adding the non-secured WSDL. Turns out the WSDL could be set to be available to HTTP while requiring SSL on endpoints themselves. – Don Zacharias Mar 03 '14 at 23:32

1 Answers1

1

The SOAP UI raise the exception because your certificate not properly installed in SOAP UI trust store.

To resolve the above exception follow the below steps.

  1. Export the certificate from the key store or browser (which contain the public key)
  2. Go to the SOAPUI installed directory and locate following directory \SmartBear\soapUI- 4.0.1\jre\lib\security
  3. Import the certificate in to cacerts trust store (Which is the default trust store)
  4. Restart the SOAP UI and load the WSDL...

To understand more about SSL ... follow the below link ...JSSE documentation

Vengat Maran
  • 77
  • 4