to work withWebservices deployed using HTTPS (HTTP via the SSL), you need to identify and register the certificate being used for the HTTPS connection from the server:
if it is currently open.
- Identify the location of the server certificate used for the HTTPS connection.
- Ensure that this certificate’s COMMON NAME parameter contains both the server’s machine name and the subdomain (for example,
Copy the certificate to the following location:
This directory should contain a
cacertsfile in which the trusted certificates are stored.
Execute a command of the following format:
keytool -import -alias <certificate_alias> -file <certificate_file> -keystore cacerts
For example, if your certificate file is named
test.cert, you would execute the following command from the
keytool -import -alias serverTrustCert -file test.cert -keystore cacerts
This will import the certificate into the cacerts file with the alias "s
- When prompted to enter a keystore password, enter
- When asked whether you want to trust this certificate, enter
yes. You will then see a message indicating that the certificate has been added to the keystore.
- (Optional) Verify that the certificate has been added to the keystore by entering the following command, then checking the file that opens:
keytool -list -keystore cacerts
and try to access the service again.
If you experience issues working with services deployed over HTTS, verify the following:
- Your server is running.
- You used the full name of the machine when trying to communicate with this HTTPS.
- The server certificate was created with the full name.
- The name on the certificate is identical to the name the client tried to access it with.
If you cannot satisfy the above requirements (for example, if you don’t have necessary permissions):
- Choose Parasoft> Preferences to open the Preferences dialog.
- Select Parasoft> Seacurity from thace left pane of the Preferences dialog, then select the Trust all certificates option in the right pane.
- Click OK or Apply to apply this change.
will then try to access any WSDL you specify, regardless of any problems with the certificate. However,SOAtest
will still try use the certificate while trying to send SOAP messages because it is required to do so.
You must add certificates to cacerts files on load test slave machines as well as on the master machine. Otherwise, SSL connections will not work when running a load test with slave machines.
If none of these procedures solve your problem, contact Parasoft in one of the ways described in Contacting Parasoft Technical Support.
Debugging SSL Issues
on a standard JVM. To show the SSL/TLS handshake details and help identify causes of SSL connection problems, enable JVM network and SSL debugging:
- Open a command line console and navigate to the SOAtest installation directory.
- Start the executable with the arguments:
-J-Dssl.debug=true -J-Djavax.net.debug=all -consolelog
will start as usual, but whenever SSL connections are made, debugging output will be printed on the console. If you wish to save the trace output to a file (for example,
output.txt), you may append the following to the end of the command :
For more information about managing keys and certificates using the Java keytool, see the Oracle Java documentation. refer to:
- Windows: http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html
- Linux, Mac: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html