Using installed SSL/TLS certificate with SoapUI? - web-services

I need to be able to hit a web service using SoapUI to inspect the request and response. I was previously provided with a certificate in the form of a .PFX file, along with the keystore password, which I could import into SoapUI and successfully hit the service.
The certificate I was provided recently expired, and my company has now deployed a new certificate via SCCM to my machine. I have the certificate installed in both Local Machine and Current User.
My question is:
Is there a way to use an installed certificate (meaning I can't export it first) to complete the SSL/TLS handshake when making a request via SoapUI?
Everything I've been able to find on the web has referenced exporting the certificate and setting the SSL settings in SoapUI (like I did before). Unfortunately, I do not have the required authority to export the certificate to a .PFX file with a keystore password...
I assume there has to be a configuration setting of some sort in SoapUI that will let me hit the service with my installed certificate, but I can't find it for the life of me. Any help is greatly appreciated!
Even confirmation that it's impossible is appreciated; just not as much as I would appreciate a solution ;)
Thanks in advance!

Related

Postman Error: self signed certificate in certificate chain

I try to test a REST API in Postman, but every time I try to POST I get the following error:
Error: self signed certificate in certificate chain.
I have tried with the SSL certificate verification on and off but both methods don't work. Postman is also updated to latest v7.3.6.
Tbh I don't know what to try anymore and would really appreciate any tip.
Go to Postman Settings > General > turn OFF SSL certificate verification
"make ssl certificate verification on and make it still work"
If you're in an organization environment, you can:
Export your organization self-signed certificate as Base-64 encoded X.509 (.CER) format flat file. It could be done from Chrome.
Go back to Postman: Settings -> Certificates -> CA Certificates, switch on and select the file you just exported.
Adding CA certificates doesn't work for me. My certs are not self-signed but got the same error. Adding client certificates solved my problem. Quoted docs from Postman here: To send requests to an API that uses mutual TLS authentication, add your client certificate to Postman.
I used mkcert and here's how I managed to get rid of the error:
On the Site Information Icon, click where it's written Connection Not Secure
On the Connection Info dialog, click on More Information
On Page Info, click on View Certificate
On the Certificate tab, scroll down till where you'll see 2 links for the PEM files, and download the PEM (Chain) file
On Postman, go to Settings -> Certificates -> CA Certificates (make sure the toggle button is ON), and specify (click on Select File) the location of your PEM Chain file.
There you are!!!

SSL doesn't work on Windows Server

I had never installed SSL onto a Windows Server before, now I ran into a problem.
I had a website hosted by Smarter ASP, and I got an SSL certificate from them. Then I moved the website into Azure as an App Service, without creating a virtual server myself. I imported the pfx file into Azure, and it worked.
Now I want to move the website into AWS.
I created a Windows Server EC2 instance in AWS. I did all the A Record and CNames changes. Now when I request "www.teacherspet.net.au", the home page is returned without any problem.
I then did the following to import the SSL certificate into the AWS EC2 server:
On "Server Certificates", I imported the pfx file using "WebHosting" as the certificate store;
I added a HTTPS binding on the site, with ip address being "*" and host name being empty;
I checked the "Require SSL" checkbox on "SSL Settings".
I have also added the same pfx file into intermediate certificate:
However, when I requested "https://www.teacherspet.net.au", I got
This site can’t be reached
www.teacherspet.net.au took too long to respond.
Why? I can't figure out what went wrong. Please help!
I am terribly sorry for the silly mistake - when I created the Network ACL inbound rule, instead of selecting "HTTPS (443)", I accidentally selected "HTTPS* (8443)". Once I corrected it, everything works. Thank you disflux for your help!
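The symptom in this thread was a timeout rather than a certificate error, which points at the network path (here the Network ACL rule on 8443 instead of 443) and not at the PFX import or the IIS binding. An added example, not from the original posts, that separates the two layers from the client side; `probe_https` and its result strings are illustrative names:

```python
import socket
import ssl

def probe_https(host, port=443, timeout=3.0):
    """Report which layer an HTTPS connection attempt fails at."""
    # Step 1: plain TCP. A timeout here means packets are dropped before they
    # reach a listener (security group, network ACL, host firewall), which is
    # what a browser reports as "took too long to respond".
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp-timeout"
    except ConnectionRefusedError:
        # Host is reachable but nothing is bound to the port (no HTTPS binding).
        return "tcp-refused"
    except OSError:
        return "tcp-error"              # DNS failure, no route, etc.

    # Step 2: TLS. Only at this point do the certificate and binding matter.
    ctx = ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok:" + tls.version()
    except ssl.SSLCertVerificationError:
        return "tls-cert-untrusted"     # chain, hostname or expiry problem
    except (ssl.SSLError, OSError):
        return "tls-handshake-failed"   # peer did not complete a TLS handshake

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    # 443 is the intended port; 8443 is the one the ACL rule opened by mistake.
    for p in (443, 8443):
        print(target, p, probe_https(target, p))
```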

Certificate expiration and SHA-1

Background: I'm a complete newbie when it comes to certificates.
We have a site running at https://global.projacked.com
The certificate is issued by AWS.
All works well for most of our customers but...
One of them is experiencing the following:
And when I click on "view certificate" I see:
So the question is: can we do anything on our end to make this work?
If not: what can I tell my customer to do to make it work? Is it a question of them updating their certificate? Or might it be caused by them being in a secured network (e.g. VPN)?
Thank you immensely in advance for your help
Your site global.projacked.com is serving a valid SHA-256 certificate. The customer who has reported this issue appears to be having its HTTPS traffic intercepted and inspected by some sort of a MITM software or device (the Issuer -- apotex-CA -- on the certificate they're seeing gives it away). The MITMing entity is generating a certificate that is trusted by the customer's browser but it happens to be a SHA-1 certificate causing Chrome to complain.
You cannot do anything to fix their issue. A lot of MITM software vendors have released updates that create SHA-256 certificates to avoid situations such as this. They can probably check to see if there are updates they can install that generate SHA-256 certificates or read this or this to see if they really need to have TLS traffic intercepted and inspected. Sadly, I've seen organizations where the "solution" to this issue is to install an older version of Chrome that did not care about SHA-1 certificates and disable auto-update. After all, burying your head in the sand is very good at blocking all the noise about this little thing called security.
The certificate issuer should be able to issue a certificate under SHA-256. You'll then need to replace the certificate on the server.
Some certificate authorities can give you a new cert as a re-issue of the old one, some will require a CSR (Certificate Signing Request) that can be constructed based on the existing private key, which likely resides on the server too.
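The interception explanation in this thread can be checked by reading the signature algorithm of the certificate a client is actually shown, from the affected network and from an unaffected one, and comparing the results. An added example, not from the original posts, using only the Python standard library; all function names are illustrative, and `constructed_cert` builds a constructed DER skeleton rather than a real certificate:

```python
import socket
import ssl

SIG_ALGS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                  # base-128, high bit set means more bytes follow
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    outer, start, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, start)                # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)            # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)  # its algorithm OID
    if outer != 0x30 or tag != 0x06:
        raise ValueError("not a DER-encoded X.509 certificate")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, oid)       # unknown algorithms come back as dotted OIDs

def presented_signature_algorithm(host, port=443, timeout=5.0):
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # verification is off only so that an untrusted
    ctx.verify_mode = ssl.CERT_NONE     # or intercepted leaf can still be read
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return signature_algorithm(tls.getpeercert(binary_form=True))

def constructed_cert(alg_byte):
    """Constructed, unsigned DER skeleton (not a real certificate) for offline checks."""
    alg = bytes.fromhex("300d06092a864886f70d0101") + bytes([alg_byte, 0x05, 0x00])
    body = bytes.fromhex("3003020100") + alg + bytes.fromhex("03020000")
    return bytes([0x30, len(body)]) + body
```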

Select certificate to add web reference for web service

I am trying to add a web reference for a web service but it prompts me to select a certificate. The cert is installed in my trust store and uploaded on the web service's server. But when I request the WSDL (in browser/UDDI) I don't see my cert in the select cert pop-up. Note that my cert does not have any private key and it's a .cer format. I have already tried importing the certificate in web browser/trust store but no luck.
Any idea why this is happening?
Hey, having the same problem here. In the end I downloaded the WSDL file and created the reference from there.

Using CFHTTP with HTTPS domain in Railo

I keep getting Connection Failed when trying to request data from a page that is on an https:// domain. I did install the ssl cert using the built-in section of the railo admin at https://[mydomain]/railo-context/admin/server.cfm?action=services.certificates however I still get Connection Failed. How should I go forward with debugging this? I have confirmed that this server in particular does have access to the domain I am trying to request from.
You probably need some additional certs installed as Jason has said. Take a close look at the cert and its chain. Go to the cert issuer's site and look for some documentation.
To troubleshoot you can add some logging to your jvm args. I think it's something like:
-Djavax.net.debug=all
The results are either in the OUT log or the server.log. This post on SSL 3.0 has some debugging tips. It's possible that your cert needs to handshake at a lower security level than CF allows (SSL 2.0 instead of 3.0/TLS for instance) and that could cause this behavior - but it's more likely that you simply need an intermediate cert installed.
The problem ended up being that the permissions weren't set up properly on the machine. After we had the server administrator fix our permissions to access the Railo-Tomcat Service Control, the requests started working. I'm assuming he fixed some other permissions while he was in there.