I need to test a web service that is being deployed to a pre-release environment on an HTTPS endpoint. Unfortunately SoapUI fails with an SSLPeerUnverifiedException: peer not authenticated exception. I used both versions 4.6.4 and the very fresh 5.0.
Env:
endpoint is https, StartCom certificate, network uses a proxy (but the same issue occurs without a proxy on a different network)
I have spent many hours, maybe a day googling for a solution. Especially this link looked promising: https://forum.soapui.org/viewtopic.php?f=13&t=20866
I extracted the endpoint certificate via Firefox and let it be trusted. So I modified cacerts from the SoapUI JVM installation:
..\SoapUI-4.6.4\jre\lib\security>keytool -import -alias HOSTNAME -file endpoint.crt -keystore cacerts -storepass changeit
Restarted and then retested - fail.
Then I took different approach and let SoapUI JVM trust all StartCom certificates.
keytool -import -trustcacerts -alias startcom.ca -file ca.crt -keystore cacerts
keytool -import -alias startcom.ca.sub -file sub.class1.server.ca.crt -keystore cacerts
Restarted and it failed again. What else shall I do now?
EDIT
2014-05-30 08:39:53,782 ERROR [errorlog] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:446)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:499)
at com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory.createLayeredSocket(SoapUISSLSocketFactory.java:268)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:200)
at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:277)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:142)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:758)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:565)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:238)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:348)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:318)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:232)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
SSL debug:
adding as trusted cert:
Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Algorithm: RSA; Serial number: 0x1
Valid from Sun Sep 17 21:46:36 CEST 2006 until Wed Sep 17 21:46:36 CEST 2036
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Thread-20, WRITE: TLSv1 Handshake, length = 186
Thread-20, READ: TLSv1 Alert, length = 2
Thread-20, RECV TLSv1 ALERT: warning, unrecognized_name
SSL - handshake alert: unrecognized_name
Thread-20, handling exception: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
Thread-20, SEND TLSv1 ALERT: fatal, description = unexpected_message
Thread-20, WRITE: TLSv1 Alert, length = 2
Thread-20, called closeSocket()
Thread-20, IOException in getSession(): javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
09:16:12,482 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
If you are using a proxy, try bypassing it (via Proxy Settings in SoapUI Preferences).
I think that you're doing things right. If you load the server certificate into your truststore the connection must work, so maybe something else is happening, for example a redirect. If you want, you can try to disable the SSL server certificate validation. If you use a SoapUI standalone version, edit
$SOAPUI_HOME/bin/soapui.bat
or $SOAPUI_HOME/bin/soapui.sh
and add this parameter -Dcom.sun.net.ssl.checkRevocation=false as a Java option:
soapui.bat:
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.net.ssl.checkRevocation=false
soapui.sh:
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.net.ssl.checkRevocation=false"
Hope this helps,
I was also getting the following message:
The issue I had occurred only when going via a proxy server. Connecting directly to the Internet without a proxy was working.
I tried all these solutions, and none were working.
I even tried to add the trusted CA certificates in a Java keystore under WS-Security Configurations -> Truststores and was still getting the error.
I upgraded to SoapUI 5.2.1 and the issue is now resolved.
It might be worth it for you to try it out.
Also make sure you are not running Fiddler, which will try to act as a proxy to any requests made by SoapUI. If you want to make it work with Fiddler, you need to add the Fiddler root certificate to your Java trust store.
See also: SoapUI not working with fiddler for REST service testing
Ok, the fix for this problem is to set
in
$SOAPUI_HOME/bin/soapui.bat
The reason is described in this answer: https://stackoverflow.com/a/14884941/1639556
Digest:
Java 7 introduced SNI support which is enabled by default. I have found out that certain misconfigured servers send an "Unrecognized Name" warning in the SSL handshake which is ignored by most clients... except for Java.
Update: for SoapUI 5.2.1 I had to alter the file
SoapUI-5.2.1.vmoptions
because modifying the bat file did not help.
For anybody using a Mac looking for the same answer (sorry, it won't let me comment on the selected answer as I don't have enough reputation points yet to comment!!!): editing soapui.sh won't have any impact if you are launching the app by clicking the icon in your Applications folder or using Spotlight. Go to
/Applications/SoapUI-5.0.0.app/Contents
Edit vmoptions.txt and add -Dcom.sun.net.ssl.checkRevocation=false to the bottom of the file. Save and re-launch.
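The SNI behaviour described in the accepted answer above (a server answering the SNI extension with an unrecognized_name alert, which Java treats as fatal) can be reproduced outside SoapUI. The following diagnostic client is an added example, not code from this thread or from SoapUI; the class name SniProbe and the placeholder host are assumptions. It runs the same handshake twice against one endpoint, with and without the SNI extension, keeps the JVM's default trust store so certificate validation stays on, and prints the chain the server presents, so a handshake alert that disappears without SNI can be told apart from a genuine trust failure.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

/** Hypothetical diagnostic: perform the same TLS handshake with and without SNI (Java 8+). */
public class SniProbe {

    /** Handshake with host:port; with useSni=false an empty server-name list is sent, which is
     *  the per-socket equivalent of switching the SNI extension off for the whole JVM. */
    static String probe(String host, int port, boolean useSni) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket sock = (SSLSocket) factory.createSocket(host, port)) {
            // createSocket(host, port) derives the SNI name from the host string; override it here
            SSLParameters params = sock.getSSLParameters();
            List<SNIServerName> names = useSni
                    ? Collections.<SNIServerName>singletonList(new SNIHostName(host))
                    : Collections.<SNIServerName>emptyList();
            params.setServerNames(names);
            sock.setSSLParameters(params);
            sock.startHandshake(); // default trust manager: the JVM cacerts chain check still applies
            StringBuilder out = new StringBuilder(sock.getSession().getProtocol() + " ok, chain:");
            for (Certificate c : sock.getSession().getPeerCertificates()) {
                out.append("\n    ").append(((X509Certificate) c).getSubjectX500Principal());
            }
            return out.toString();
        } catch (SSLException e) {
            // "handshake alert: unrecognized_name" with SNI, but success without it, means the
            // server is rejecting the SNI name; a chain or hostname error shows up as a different message
            return "TLS failure: " + e.getMessage();
        } catch (IOException e) {
            return "I/O failure: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "endpoint.example.test"; // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        System.out.println("with SNI:    " + probe(host, port, true));
        System.out.println("without SNI: " + probe(host, port, false));
    }
}
```

Run it with the same JRE SoapUI uses (or point -Djavax.net.ssl.trustStore at that JRE's cacerts) so the trust decision matches what SoapUI sees. If only the SNI-enabled handshake fails, the server's virtual-host configuration is the thing to fix; disabling SNI on the client is a workaround that also drops the server's ability to select the right certificate by name.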