Bad Certifcate Error on SOAPUI client while testing for https port on webm 95 server.


Any urgent guidance would be of much help.

I have a test case for a REST based webservice that I have created. The access to it is via an HTTPS port on the IS.
The port is functioning fine when set for username/pwd authentication but showing a problem when I am setting ‘require certificate’ authentication.

The following are the steps I have taken for configuring the client/server side keys,keystore and truststore. The SOAP UI is currently installed on the same host as the IS.

  1. I created a keystore for the SOAPUI client, with a key pair and exported a self-signed certificate from this key to the local drive.
  2. Similarly I created a separate keystore for webm IS 9.5 and a key pair and got a self-signed certificate exported from it.
  3. I imported the server’s self signed certificate in the client keystore and vice-versa.
  4. I also configured the keystore and truststore alias, but both pointing to keystore.
    5.I imported the client certificate in Certificates->configure Client certificates section from the local drive only. I first tried with .cer and then .der formats. Also, mapped a user with the certifcate import.

But I am still getting bad certificate error. Earlier I had configured both SOAP UI and server keystore as the same ones when I wasnt much aware of the concepts of public-private key pairs, and it had worked.

But later I realised it has to be separate ones for each client n server.SO,followed the above steps, but of no avaial.

AM new to port config (https) and certificate handing, can somebdy pls help me?

Is there any role of CA certificates during testing?Pls let me know what could I do to make this work

Priya Bhauka.


I just have some inputs to give for the above.

I tested the same service via same port this time by another webM 9.5 IS as the client.
And now, my service is getting accessed and SSL handshake is happening correctly, since my port is set to ‘require certificate’ mode.

Can somebody pls tell, what is needed to check with SOAP UI ?



were you able to resolve this using SOAP UI?

Hi Priya,

These steps work for me.

  1. Export keystore used for the port set to “require client certificate” to PKCS#12 format from JKS format.
  2. In SOAP UI, configure keystore and keystore password in Preferences → SSL Settings.
  3. In SOAP UI, Import / create new project with the WDSL
  4. If problem still persist, make sure the keystore and truststore certificates have installed into SOAP UI cacerts successfully.


Chuan LIM

Yes the configure steps above should work via soapUI and test it out: