Troubleshooting
Problem
Attempts to use SSL with SmartBear SoapUI and the HTTP Proxy Agent of IBM Rational Test Control Panel (RTCP) yield "peer not authenticated" errors.
Symptom
After configuring SoapUI to use the HTTPS Proxy Agent on port 3129 you are unable to access HTTP sites.
No replies are received and SoapUI reports the following error at the bottom of the screen:
]Error getting response; javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Cause
SoapUI does not trust the self-signed certificate used by the HTTP proxy Agent.
You need to use HTTPS to access a system and cannot use HTTP.
Diagnosing The Problem
Check the SoapUI error log soapui-errors.log located in the bin folder.
On Windows systems this is typically: C:\Program Files (x86)\SmartBear\SoapUI-4.6.4\bin
Resolving The Problem
Refer to the SmartBear SoapUI documentation at http://www.soapui.org in conjunction with this technote. The configuration of SoapUI might change in the future.
There are two solutions to this problem:
- Configure SoapUI to trust the Proxy certificate
- Use the HTTP to HTTPS feature of the Proxy
SOAPUI CERTIFICATE TRUST:
- Exit from SoapUI.
- Navigate to the SoapUI bin folder.
On Windows systems this is typically:C:\Program Files (x86)\SmartBear\SoapUI-<n.n.n>\bin
- Make a backup of file SoapUI-<n.n.n>.vmoptions.
- Navigate to the httptcp folder of an installation of RIT-Platform.
On Windows systems typically:C:\Program Files\IBM\RIT-Platform\httptcp
On non-Windows systems typically:/opt/IBM/RIT-Platform/httptcp
- View the registration.xml file and note the keystore pass phrase. Search for
keyStorePassword
:
keyStorePassword="<pass phrase here>"
- Copy the key store file greenhat.jks to the bin folder of SoapUI or a folder of your choice.
- Edit file SoapUI-<n.n.n>.vmoptions and add the following entries:
-Djavax.net.ssl.trustStore=greenhat.jks
-Djavax.net.ssl.trustStorePassword=<pass phrase here>
No path is required for trustStore if the file is placed in the bin folder.
- Save the file and re-start SoapUI.
- Click File > Preferences > Proxy Settings.
a) Click Manual for Proxy Setting.
b) Enter the hostname of the machine running the HTTP Proxy Agent.
c) Enter the port number of 3129 for HTTPS traffic
- Start recording in RIT Recording Studio and send your HTTPS messages in SoapUI.
They will now be recorded.
HTTP TO HTTPS:
If it is not possible or desired to modify the SoapUI configuration you can use the plain comms port of the HTTP Proxy. Port 3131 of the Proxy receives HTTP messages and re-sends them as HTTPS to the target system.
- Configure the SoapUI Proxy hostname, and port to be 3131.
- Send HTTP messages using the correct port number.
For example https://someserver/someService would become http://someserver:443/someService.
Recording Studio will record the messages as the destination and port number match the recording rule.
If in doubt, go to the Agents page of the Rational Test Control Panel (RTCP) and click Show Rules to verify what is being recorded.
Was this topic helpful?
Document Information
Modified date:
29 September 2018
UID
swg21665935