IBM Support

HTTPS requests with SoapUI and the HTTP Proxy Agent fail

Troubleshooting


Problem

Attempts to use SSL with SmartBear SoapUI and the HTTP Proxy Agent of IBM Rational Test Control Panel (RTCP) yield "peer not authenticated" errors.

Symptom

After configuring SoapUI to use the HTTPS Proxy Agent on port 3129 you are unable to access HTTP sites.

No replies are received and SoapUI reports the following error at the bottom of the screen:

]Error getting response; javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Cause

SoapUI does not trust the self-signed certificate used by the HTTP proxy Agent.

You need to use HTTPS to access a system and cannot use HTTP.


Diagnosing The Problem

Check the SoapUI error log soapui-errors.log located in the bin folder.

On Windows systems this is typically: C:\Program Files (x86)\SmartBear\SoapUI-4.6.4\bin

Resolving The Problem

Refer to the SmartBear SoapUI documentation at http://www.soapui.org in conjunction with this technote. The configuration of SoapUI might change in the future.

There are two solutions to this problem:

  • Configure SoapUI to trust the Proxy certificate
  • Use the HTTP to HTTPS feature of the Proxy


SOAPUI CERTIFICATE TRUST:

  1. Exit from SoapUI.

  2. Navigate to the SoapUI bin folder.

    On Windows systems this is typically: C:\Program Files (x86)\SmartBear\SoapUI-<n.n.n>\bin

  3. Make a backup of file SoapUI-<n.n.n>.vmoptions.

  4. Navigate to the httptcp folder of an installation of RIT-Platform.

    On Windows systems typically: C:\Program Files\IBM\RIT-Platform\httptcp
    On non-Windows systems typically: /opt/IBM/RIT-Platform/httptcp

  5. View the registration.xml file and note the keystore pass phrase. Search for keyStorePassword:

    keyStorePassword="<pass phrase here>"

  6. Copy the key store file greenhat.jks to the bin folder of SoapUI or a folder of your choice.

  7. Edit file SoapUI-<n.n.n>.vmoptions and add the following entries:

    -Djavax.net.ssl.trustStore=greenhat.jks
    -Djavax.net.ssl.trustStorePassword=<pass phrase here>

    No path is required for trustStore if the file is placed in the bin folder.

  8. Save the file and re-start SoapUI.

  9. Click File > Preferences > Proxy Settings.

    a) Click Manual for Proxy Setting.
    b) Enter the hostname of the machine running the HTTP Proxy Agent.
    c) Enter the port number of 3129 for HTTPS traffic

  10. Start recording in RIT Recording Studio and send your HTTPS messages in SoapUI.
    They will now be recorded.

HTTP TO HTTPS:

If it is not possible or desired to modify the SoapUI configuration you can use the plain comms port of the HTTP Proxy. Port 3131 of the Proxy receives HTTP messages and re-sends them as HTTPS to the target system.

  1. Configure the SoapUI Proxy hostname, and port to be 3131.

  2. Send HTTP messages using the correct port number.

    For example https://someserver/someService would become http://someserver:443/someService.


Recording Studio will record the messages as the destination and port number match the recording rule.

If in doubt, go to the Agents page of the Rational Test Control Panel (RTCP) and click Show Rules to verify what is being recorded.

[{"Product":{"code":"SSBLQQ","label":"IBM Rational Test Workbench"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Rational Integration Tester","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF022","label":"OS X"},{"code":"PF033","label":"Windows"}],"Version":"8.0;8.5;8.6;8.7;9.0;9.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
29 September 2018

UID

swg21665935

Page Feedback