[英]How to configure SoapUI mock service with non self signed certificate X509 for SSL
I have no problem to set up SoapUI mock service with self signed certificate by following the steps at 通过执行以下步骤,我可以使用自签名证书设置SoapUI模拟服务没有问题
http://www.soapui.org/Service-Mocking/securing-mockservices-with-ssl.html . http://www.soapui.org/Service-Mocking/securing-mockservices-with-ssl.html 。
But now I want to test the mock service with a "real" certificate issue by Entrust Certification Authority - L1C. 但是,现在我想使用Entrust证书颁发机构-L1C颁发的“真实”证书来测试模拟服务。
Other information for this certificate is 该证书的其他信息是
It is valid until 2016. 有效期至2016年。
I used the command to import the certificate to server.keystore . 我使用命令将证书导入到server.keystore中。
c:\Program Files\Java\jre6\bin\keytool.exe -import -alias server -keystore server.keystore -storepass mypasss -file server_cer_issued_by_entrust.cer
(if I replace server_cer_issued_by_entrust.cer
with a self signed (created) certificate it works) (如果我将
server_cer_issued_by_entrust.cer
替换为自签名(创建的)证书,则该证书有效)
I got the error in SoapUI which says ssh handshake error. 我在SoapUI中收到错误消息,提示ssh握手错误。
I just realize that it maybe not possible since the mock service is 127.0.0.1
but the actual certificate is issue for a web service like "mydomain.com", is that right? 我只是意识到,由于模拟服务是
127.0.0.1
,所以可能是不可能的,但是实际的证书是针对诸如“ mydomain.com”之类的Web服务颁发的,对吗?
SOAPUI
runs over java
, and when java
connects to SSL
url performs two validations: SOAPUI
运行在java
之上,并且当java
连接到SSL
url时,将执行两个验证:
I assume that the first validation pass since in the link instructions which you provide its specify the same keystore in mock service for both: keystore and truststore, and since server certificate is imported in this one there is no problem to pass this validation. 我假设第一次验证通过,因为您在提供的链接说明中为模拟服务指定了相同的密钥库:密钥库和信任库,并且由于服务器证书是在此证书库中导入的,因此通过此验证没有问题。
So probably as you said the problem is that your mock service is on 127.0.0.1
and your certificate is issued to be used in mydomain.com
. 大概就像您说的那样,问题在于您的模拟服务位于
127.0.0.1
并且您的证书已颁发给在mydomain.com
。
A possible workaround is to disable SSL
validation however this has no sense since as you said in the question you want to test the service with "real" certificate, instead maybe you can try editing host
file and adding the mapping for 127.0.0.1
ip address for your certificate server domain, in your case: 可能的解决方法是禁用
SSL
验证,但是这没有意义,因为正如您在问题中所说的那样,您想使用“真实”证书来测试服务,相反,您可以尝试编辑host
文件并为127.0.0.1
ip地址添加映射对于您的证书服务器域,在您的情况下:
127.0.0.1 mydomain.com
And then change the SOAPUI endpoint for your mock service to https://mydomain.com
. 然后将您的模拟服务的SOAPUI端点更改为
https://mydomain.com
。
Hope this helps, 希望这可以帮助,
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.