soapui WSDL error when adding

6
votes

I keep getting this error when adding this. Any ideas. I worked on other WSDL links and they are fine except this.

org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

5
sslwsdlssl-certificate
It's passed some time since this topic was asked, but i have a complement to the answer of albciff. SoapUI has it's own JRE and you have to import the certificate in the cacerts file of SoapUI's JRE. Hope this helps!JAEP

5 Answers

4
votes

The WSDL is on https, so you need to add the domain certificate to your cacerts on JRE which comes with SOAPUI installation (also could be probably that wsdl is published also on http so you can try to change the url for wsdl to http, first try this if not try steps below).

You have to download the server certificate (you can connect with the browser to the url of wsdl and save the certificate as an archive).

download server certificate sample

Then you can import this cert to your cacerts with keytool:

keytool -import -alias somealias -file serverCertificate.cer -keystore SOAPUI_HOME/jre/lib/security/cacerts

(default password for cacerts is "changeit").

With this steps you can use the WSDL and avoid the "PKIX path building failed" exception.

Hope this helps,

3
votes

The Problem with the SOAP UI is it's using it's won JRE to execute programs...

To resolve the above exception follow the below steps.

  1. Export the certificate from the key store or browser (which contain the public key)
  2. Go to the SOAPUI installed directory and locate following directory \SmartBear\soapUI-4.0.1\jre\lib\security
  3. Import the certificate in to cacerts trust store (Which is the default trust store)
  4. Restart the SOAP UI and load the WSDL...
2
votes

This appears to be a bug in SoapUI (at least as of 4.6.4). I just ran into the same issue and after making sure I had all of the CA certificates imported everywhere I found this post that mentions the same problem.

I installed the nightly build as mentioned in the post and I was able to get past the SSL handshake issue.

1
votes

There is a sly detail here: The SOAPui calls wsimport command with an OS system call to wsimport program. It does not load internal class com.sun.tools.internal.ws.WsImportto do the WSDL import.

If you are running SOAPui with the default JRE that comes with it but you also have a different JDK installed, then when using SOAPui tools to generate code, the wsimport command used is the one the OS knows better from the PATH and not the com.sun.tools.internal.ws.WsImport that comes with SOAPui.

In this case the called wsimport will not references the embedded cacerts in SOAPUI_HOME\jre\lib\security . Instead it utilizes the default cacerts of the JDK the wsimport belongs.

SOAPui uses wsimport from a JDK as this picture shows

In that case the steps you have to follow are:

  1. Download and save the server´s certificate to a file, say srv-certificate.txt

  2. Import this certificate to the cacerts of the JDK used by the SOAPui tools:

    C:\>keytool -import -alias somealias -file cmq-certificates.txt  -keystore C:\software\jdk1.8.0.65\jre\lib\security\cacerts

where jdk1.8.0.65 is the JDK used by the SOAPui tools.

Hope it helps!

0
votes

I've had the same problem (working with profesionnal computer behind a corporate proxy) :
It appeared that I just had to set proxy in SoapUI to None to solve it (neither manual - cntlm, in my case - nor automatic - windows settings, corporate proxy - did work :-/) !...