如何为SSL配置非自签名证书X509的SoapUI模拟服务
[英]How to configure SoapUI mock service with non self signed certificate X509 for SSL
问题描述
I have no problem to set up SoapUI mock service with self signed certificate by following the steps at 
通过执行以下步骤,我可以使用自签名证书设置SoapUI模拟服务没有问题
http://www.soapui.org/Service-Mocking/securing-mockservices-with-ssl.html . http://www.soapui.org/Service-Mocking/securing-mockservices-with-ssl.html 。
But now I want to test the mock service with a "real" certificate issue by Entrust Certification Authority - L1C. 但是,现在我想使用Entrust证书颁发机构-L1C颁发的“真实”证书来测试模拟服务。
Other information for this certificate is 该证书的其他信息是
- Ensures the identity of a remote computer 确保远程计算机的身份
- 1.2.840.113533.7.75.2 1.2.840.113533.7.75.2
- 2.23.140.1.2.2 2.23.140.1.2.2
It is valid until 2016. 有效期至2016年。
I used the command to import the certificate to server.keystore . 我使用命令将证书导入到server.keystore中。
c:\Program Files\Java\jre6\bin\keytool.exe -import -alias server -keystore server.keystore -storepass mypasss -file server_cer_issued_by_entrust.cer
(if I replace server_cer_issued_by_entrust.cer with a self signed (created) certificate it works) (如果我将server_cer_issued_by_entrust.cer替换为自签名(创建的)证书,则该证书有效)
I got the error in SoapUI which says ssh handshake error. 我在SoapUI中收到错误消息,提示ssh握手错误。
I just realize that it maybe not possible since the mock service is 127.0.0.1 but the actual certificate is issue for a web service like "mydomain.com", is that right? 我只是意识到,由于模拟服务是127.0.0.1 ,所以可能是不可能的,但是实际的证书是针对诸如“ mydomain.com”之类的Web服务颁发的,对吗?
1 个解决方案
解决方案1
0 2014-10-22 21:11:09
SOAPUI runs over java , and when java connects to SSL url performs two validations: SOAPUI运行在java之上,并且当java连接到SSL url时,将执行两个验证:
- Validate that the server certificate is trusted. 验证服务器证书是否受信任。
- Validate that the common name in subject distinguished name of the server certificate matches the domain. 验证服务器证书的主题专有名称中的公用名是否与域匹配。
I assume that the first validation pass since in the link instructions which you provide its specify the same keystore in mock service for both: keystore and truststore, and since server certificate is imported in this one there is no problem to pass this validation. 我假设第一次验证通过,因为您在提供的链接说明中为模拟服务指定了相同的密钥库:密钥库和信任库,并且由于服务器证书是在此证书库中导入的,因此通过此验证没有问题。
So probably as you said the problem is that your mock service is on 127.0.0.1 and your certificate is issued to be used in mydomain.com . 大概就像您说的那样,问题在于您的模拟服务位于127.0.0.1并且您的证书已颁发给在mydomain.com 。
A possible workaround is to disable SSL validation however this has no sense since as you said in the question you want to test the service with "real" certificate, instead maybe you can try editing host file and adding the mapping for 127.0.0.1 ip address for your certificate server domain, in your case: 可能的解决方法是禁用SSL验证,但是这没有意义,因为正如您在问题中所说的那样,您想使用“真实”证书来测试服务,相反,您可以尝试编辑host文件并为127.0.0.1 ip地址添加映射对于您的证书服务器域,在您的情况下:
127.0.0.1 mydomain.com
And then change the SOAPUI endpoint for your mock service to https://mydomain.com . 然后将您的模拟服务的SOAPUI端点更改为https://mydomain.com 。
Hope this helps, 希望这可以帮助,
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.