The SOAPam Client Process can establish a secure SSL or TLS connection with a Web service host. In order to request a secure connection you must specify the https protocol scheme when specifying the service location attribute in the binding element of the CDF file. For example:
The Client Process will negotiate an SSL v3 or TLS v1 connection using the strongest cipher suite common to both the client and server platforms. Note that because of known vulnerabilities inherent in the SSL v2 protocol, the Client Process will not attempt to negotiate an SSL v2 connection by default. If your Web service host requires an SSL v2 connection you must specify the -sslallowv2 command line option when starting the Client Process.
During the connection negotiation process, the Client Process will verify the server certificate against a list of trusted Certificate Authorities. By default, this list is contained in the CAROOT file which is included with the product. The file contains a list of PEM-encoded certificates of trusted root Certificate Authorities. You can override the default file name using the -sslcarootfile command line parameter when starting the Client Process.
You may also create a list of local certificate authorities by creating an edit file named CALOCAL that contains a list of PEM-encoded certificates of local certificate authorities and storing the file in the Client Process installation subvolume. You can override the default file name using the -sslcalocalfile command line parameter when starting the Client Process.
Occasionally you may not want the Client Process to verify the server certificate. This is often the case when you are testing against a development Web service host that has a certificate that was not issued by a trusted certificate authority. If this case you may use the -sslnoverify command line parameter when starting the Client Process to indicate that you do not want the server certificate verified.
Refer to Configuring the Client Process for more information about starting the Client Process and using command line parameters.