Testing 2-Way SSL with Postman and SOAPUI: A Step-by-Step Guide

Testing 2-Way SSL with Postman and SOAPUI: A Step-by-Step Guide
Photo by Leo_Visions / Unsplash

Ensuring secure communication between clients and servers is paramount in today's digital landscape. Two-way SSL authentication, also known as mutual SSL authentication, provides an additional layer of security by requiring both the server and the client to authenticate each other. In this guide, we'll walk through how to test 2-way SSL authentication using two popular API testing tools: Postman and SOAPUI.

Step 1: Setup and Configuration Before we dive into testing, ensure you have the following prerequisites:

  • Postman and/or SOAPUI installed on your machine
  • Access to a server with a valid SSL certificate configured for two-way authentication
  • Client certificate and private key files (.pfx or .p12 format) for authentication
  • Truststore containing the server's certificate (for Postman)

Step 2: Configuring Postman for 2-Way SSL

  1. Open Postman and navigate to the request you want to test.
  2. Click on the "Settings" icon next to the Send button.
  3. In the "Settings" tab, navigate to the "SSL certificate verification" section.
  4. Select "Client Certificate" and upload your client certificate (.pfx or .p12) and enter the passphrase if prompted.
  5. Optionally, upload the server's certificate to the "SSL certificate verification" section's "Root Certificate" field for additional validation.
  6. Click "Update" to save your settings.
  7. Now, send the request. Postman will use the provided client certificate for authentication.
  8. Not verify SSL during sent if your server cert is self signed.
  9. Set proper protocl such as TLSv1.3 in case you see 'sock hung up' error

set client cert

check client cert

ignore ssl very and set protocol

Step 3: Testing with SOAPUI

  1. Open SOAPUI and create a new project or open an existing one.
  2. Right-click on the project or test suite, navigate to "Add Step," and select "Load TestStep" -> "HTTP Test Request."
  3. Enter the request details (URL, method, headers, etc.) in the request editor.
  4. Switch to the "SSL" tab in the request editor.
  5. Check the "Use client certificate" option and browse to select your client certificate (.pfx or .p12) and enter the passphrase if prompted.
  6. Optionally, import the server's certificate into SOAPUI's truststore for validation.
  7. Save your changes and run the test.

set client cert for project

choose client cert for request

Step 4: Verifying Results

  1. After sending requests from both Postman and SOAPUI, verify that the server responds correctly.
  2. Check the response status codes, headers, and payload to ensure successful communication.
  3. Monitor for any SSL-related errors or warnings in the tool's console/logs.

Conclusion: Testing two-way SSL authentication with tools like Postman and SOAPUI is crucial for ensuring the security and integrity of your API communication. By following the steps outlined in this guide, you can effectively validate your server's SSL configuration and ensure seamless communication between your client and server while maintaining the highest standards of security.

Subscribe to Post, Code and Quiet Time.

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.