SoapUI not working with fiddler for REST service testing

6
votes

I created a REST project in the SoapUI to test the googlemapsapi rest service (HTTPS). I configured the SoapUI to use the proxy settings to fiddler (localhost:8888). In fiddler, enabled the "Decrypt Https Traffic" option under Fiddler Tools -> Https

When i send the request, the handshake is successful. Below is the request and response headers:

Request Headers

CONNECT maps.googleapis.com:443 HTTP/1.1 Client User-Agent: Apache-HttpClient/4.1.1 (java1.5) Transport Connection: Keep-Alive Host: maps.googleapis.com

Response Headers

HTTP/1.1 200 Connection Established

Miscellaneous

FiddlerGateway: Direct StartTime: 15:45:06.462

Transport

Connection: close

After the handshake, no further request and response is happening.

Without the proxy, the handshake and request/response works fine.

Note: I followed the below links to add the certificate to the SoapUI certificate assert and key store with no luck.

http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx

http://qatesterblog.blogspot.com/2013/10/how-to-make-soapui-ssl-compatible.html

2
soapuifiddler
The results you've described strongly suggest that you have not properly configured SoapUI to trust Fiddler's root certificate. Are you able to use the tool properly with a non-HTTPS target? What, if anything, do you see in Fiddler's Log tab?EricLaw

2 Answers

13
votes

This is how I made this work for me (on Windows 7). I added Fiddler's root certificate to the JRE's trusted certificates.

Export the Fiddler root certificate. You find the export button by going to Tools / HTTPS.

Locate the file cacerts of the JRE you run SoapUI with. The file is located under lib/security of the JRE and the JRE is in SoapUI's jre folder if you have installed SoapUI. Copy this file to somewhere you have rights to modify it so that you don't have to fiddle with elevating the cmd process.

Now add the Fiddler root certificate to the cacerts keystore with the following command.

keytool -importcert -file FiddlerRoot.cer -keystore cacerts

The tool keytool is located in the bin folder of the JRE. The password the the cacerts keystore is "changeit" or "changeme".

As a final step copy back the cacerts file to it original location, restart SoapUI and have fun with the proxy!

5
votes

Some notes and clarifications on my successful attempt of Joel's answer (https://stackoverflow.com/a/22907237/1981358):

  • On Windows Fiddler 4 (4.5.1.0), the option is at: Tools > Fiddler Options... > HTTPS > Export Root Certificate to Desktop

  • I think I had to run CMD as adminstrator to modify cacerts file

  • Change to the security directory in SoapUI JRE. For me this was: C:\Program Files (x86)\SmartBear\SoapUI-5.0.0\jre\lib\security

  • I used this command to update the cacerts file: ..\..\bin\keytool.exe -importcert -file C:\Users\MyUserName\Desktop\FiddlerRoot.cer -keystore cacerts

  • When prompted enter changeit

  • (Important: verify you are actually updating the cacerts file. I first tried from a different folder and created a new file. If it asks for the password twice you probably created a new file.)

Trust this certificate? [no]: yes Certificate was added to keystore

  • On success (above message), check that the cacerts file actually got changed.

  • Start SoapUI and try the request again.