I'm trying to use IntelliJ Ultimate's built-in REST Client to test some web services over SSL. However, because the REST services are looking for a client certificate, I'm getting the following error when I try to hit the endpoint:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
I've scoured the documentation and haven't found a way to attach a certificate (.p12 file, in my case) to the call. It would be the same file I've uploaded into my browser to facilitate the SSL calls. Maybe there's a different way to do this that I'm not aware of? I'm not an expert in this area.
Thanks.
They don't seem to be supporting this yet.
Still using sublime with HttpRequester plugin, it supports all cases
https://github.com/braindamageinc/SublimeHttpRequester
Related
I want to make server-side SOAP Service with NestJS. I have searched for some articles and npm dependencies on the internet but can't seems to find a clue about this issue.
What I have found:
soap this only provide http and express which I believe not what I want.
nestjs-soap currently not support server-side.
Any suggestion about how I make this?
I have simple Jersey based web service running on TomCat 9. I do development in Eclipse IDE. Server and IDE are on the same windows machine. I'm using Postman utility to generate test requests.
I would like somehow to see all request/response traffic between service and postman. What is the best way to do that?
Postman will show you everything sent and received in the request (url, headers and content), but you can use a tool like Fiddler to view intercepted HTTP requests.
https://www.telerik.com/fiddler
The best way is to use Tomcat's Request Dumper Filter. It's the best in the sense you don't need anything more than what you already have.
If you do not insist on a eclipse integration you could use burp( https://portswigger.net/burp ).
In proxymode you can play "man in the middle" at your localhost and get every content.
You have just to setup burp as your proxy and you are done. You are also able to stop traffic etc. etc. This works for all kind of network traffic.
The tool is also available in a community edition.
So right now I'm trying to make a bunch of REST API calls to Salesforce from my WebSphere server, but every time I make a request, I get a "500 Server Error" error message in my logs. I then tried to run my API calls through RunScope to try and debug what was going wrong. As soon as I sent my API calls through RunScope to Salesforce, the 500 Error went away and everything worked. I instantly thought it was some kind of SSL Protocol issue since Salesforce apparently doesn't support SSL3.0. So I checked my WebSphere configuration and noticed that it supports both SSL and TLS protocols (I'm not 100% sure which protocol it's using though, if anyone knows of a way to test that, that would be helpful). Now I'm pretty stumped. I know it's not a certificate issue because i installed the needed certificates on my WebSphere server. Anyone else have any ideas why the API calls work through RunScope to Salesforce but not directly to Salesforce? Any help is appreciated.
I figured it out. My issue was that my WebSphere server was running TLS1.0 which isn't supported anymore by Salesforce. If you're running into the same issues as me, make sure your server is running TLS 1.1 or higher.
How can I detect certificate errors when attempting to access web content hosted on a HTTPS site with a certificate that would generate browser certificate errors or warnings?
It seems that currently the framework does not even send the HTTP request if the communication channel is not secure (i.e. if SSL is not enforced properly [e.g the validation of the certificate’s chain of trust fails])?
Similarly, what would be the best way to enforce certificate pinning?
Cheers
You can write your own PhoneGap Plugin based on the following SO question:
How to pin the Public key of a certificate on iOS
Here's some background on Pinning from the OWASP:
Pinning Cheat Sheet
If you end up writing the plugin, let me know as I'm interested too.
check out this post, which includes a PhoneGap (Build) plugin for certificate pinning, by comparing the server certificate fingerprint with an expected value: http://www.x-services.nl/certificate-pinning-plugin-for-phonegap-to-prevent-man-in-the-middle-attacks/734
I'm working with SOAP based web services that require authentication. I usually use the Eclipse Web Service explorer to explore the offered services but for the services requiring authentication, there does not seem to be an authentication option and I keep getting the 401 response.
I tried online clients as well. There is one at http://soapclient.com/soaptest.html but it also exhibits the same behavior.
When I try to access the web services through the browser I get the username/password prompt and it works.
I have also tried using https://username:password#webserviceURL. Again, this works in the browser but not in Eclipse or the online SoapClient utility.
Any ideas how I can get do this ?
It was pretty trivial in SoapUI.
I also found an online client that works with the http://username:password#webserviceURL pattern. Its at : http://tools.pointbeing.net/wsdlviewer