Im consuming a SOAP web service which has two-way SSL enabled. So I provided the client cert ( public key) to the server and configured the private key in my SOAP UI client project. Im able to consume the web service. But what I do not understand is, shouldn't I confugure server's certificate ( that can be extacted using the endpoint through browser) explicitly in SOAP UI to enable two way SSL? or SOAPUI takes care of if automatically?
Asked
Active
Viewed 145 times
1 Answers
1
Seems that in SOAP UI there is no SSL verification, since it's bypassing it by code. In the main class which starts the application, there is a call to SecureTools.setTrustSSL(); in main(args[]) method. If you check what SecureTools.setTrustSSL() method does, it modifies SSL default context factory with a trustManager which not does any check.
albciff
- 18,112
- 4
- 64
- 89
-
Hi @albciff, I did not expicitly add server's public key to my cacerts file either. Thats why I do not understand how SoapUI validates it. However this server sertificate is present in the SOAP request. – Kevin Aug 30 '22 at 02:48
-
1@Kevin you're right, I just checked the current SOAPUI version and there is no ssl validation, I review also old versions and seems that this change was made long ago, I remeber that I must change cacerts probably with first releases of soapui. I update my answer :). – albciff Aug 30 '22 at 06:50