Testing client certificate authenticated web services
This recipe builds on the concepts of the previous one to show how we can test web services over an HTTPS connection that also requires a client X.509 certificate to be provided as a guarantee of the caller identity. The actual work required to provide the client certificate in SoapUI is very short. So if you are happy enough with the concepts, certificates, and java Keystore handling, then you can just skip to this part. The entire recipe covers creating the required client and server key pairs and configuring Tomcat to insist that SoapUI provides a valid client certificate before allowing access to a simple RESTful resource.
Getting ready
This recipe builds directly on the previous one. Everything covered and done there will be needed again here, that is, Tomcat, the helloworld-webapp REST sample, the SSL Connector configuration, and the server.jks keystore. Of course, if you have your own working HTTPS service and client certificate...
