SOAP API getting error SSLHandshakeException: No trusted certificate found in Katalon

I am able to successfully execute a SOAP API request using SOAP UI, but when attempting the same in Katalon Studio, I encounter the following error.
=============== ROOT CAUSE =====================

Caused by: javax.net.ssl.SSLHandshakeException: No trusted certificate found

For trouble shooting, please visit: https://docs.katalon.com/katalon-studio/docs/troubleshooting.html

================================================

05-08-2025 07:15:37 PM Test Cases/API/API_TC1

Elapsed time: 20.362s

Test Cases/API/API_TC1 FAILED.

Reason:

org.codehaus.groovy.runtime.InvokerInvocationException: javax.net.ssl.SSLHandshakeException: No trusted certificate found

We have already attempted to install the certificate from the keystore in Katalon, but the issue still persists. Could you please help us identify the root cause of this problem in Katalon Studio? Additionally, any guidance on configuring SSL certificates correctly in Katalon would be highly appreciated.

To resolve the SSLHandshakeException: No trusted certificate found error when executing SOAP API requests in Katalon Studio, follow these steps:

1. Export the Server Certificate

Using Browser:

  1. Open the SOAP API URL in Chrome (e.g., https://your-api-endpoint).
  2. Click the padlock icon > Certificate > Details > Copy to File.
  3. Save as server-cert.cer (Base64-encoded X.509).

Using OpenSSL (Command Line):

openssl s_client -connect your-api-endpoint:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > server-cert.pem

2. Import Certificate into Katalon’s Truststore

Katalon uses the Java truststore (cacerts). Locate the JRE/Katalon’s truststore and import the certificate:

a. Find Katalon’s JRE Path

  • Go to Help > About Katalon Studio to see the JRE path (e.g., C:\Program Files\Katalon\jre).

b. Import Certificate

Use keytool (included in Katalon’s JRE bin directory):

# Windows
cd "C:\Program Files\Katalon\jre\bin"
keytool.exe -import -alias server-cert -keystore "..\lib\security\cacerts" -file "C:\path\to\server-cert.cer"

# macOS/Linux
cd "/Applications/Katalon Studio.app/Contents/Eclipse/jre/bin"
./keytool -import -alias server-cert -keystore ../lib/security/cacerts -file ~/path/to/server-cert.cer
  • Default truststore password: changeit
  • Confirm with yes to trust the certificate.

3. Disable SSL Verification (Temporary Workaround)

Warning: Only for non-production environments.
Add this code to your test case to bypass SSL checks:

import javax.net.ssl.*
import java.security.cert.X509Certificate

// Bypass SSL certificate validation
def allowAllCerts = [ new X509TrustManager() { 
  public X509Certificate[] getAcceptedIssuers() { null } 
  public void checkClientTrusted(X509Certificate[] certs, String authType) { } 
  public void checkServerTrusted(X509Certificate[] certs, String authType) { } 
} ] as TrustManager[]

def sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, allowAllCerts, new java.security.SecureRandom())
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory())
HttpsURLConnection.setDefaultHostnameVerifier { hostname, session -> true }

4. Configure Katalon for SSL Debugging

Add JVM args in Katalon.ini (to diagnose handshake issues):

-vmargs
... existing args ...
-Djavax.net.debug=ssl:handshake

5. Use Apache HTTPClient with Custom SSL Context

For more control, override the REST client’s SSL settings:

import org.apache.http.client.methods.HttpGet
import org.apache.http.conn.ssl.SSLConnectionSocketFactory
import org.apache.http.conn.ssl.TrustStrategy
import org.apache.http.impl.client.HttpClients
import org.apache.http.ssl.SSLContexts

// Trust all certificates (not recommended for production)
def sslContext = SSLContexts.custom().loadTrustMaterial(null, { cert, authType -> true } as TrustStrategy).build()
def allowAllSSLSocketFactory = new SSLConnectionSocketFactory(sslContext)

def httpClient = HttpClients.custom().setSSLSocketFactory(allowAllSSLSocketFactory).build()
def response = httpClient.execute(new HttpGet("https://your-api-endpoint"))

6. Verify Corporate Proxy/Certificate

If behind a corporate proxy, import the proxy’s root CA certificate into Katalon’s truststore using Step 2.

Key Notes

  • Restart Katalon after modifying the truststore.
  • Ensure the certificate includes the full chain (root + intermediate CAs).
  • For self-signed certificates, use Step 2 or Step 3.

Troubleshooting

  • “Certificate already exists”: Delete the existing alias first:
keytool -delete -alias server-cert -keystore "path/to/cacerts"
  • Permission Denied: Run Katalon/Command Prompt as Administrator.
  • Incorrect Truststore Path: Double-check the JRE used by Katalon.

By following these steps, Katalon Studio will trust the SOAP API’s SSL certificate, resolving the handshake error.
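
Added example, not part of the original answer: a Groovy script that can be run as a Katalon test case to report which truststore the running JVM resolves, whether the `server-cert` alias from Step 2 is in it, and whether it matches the exported file. The alias and default password are the ones used in the answer; the certificate path is a placeholder.

```groovy
import java.security.KeyStore
import java.security.MessageDigest
import java.security.cert.Certificate
import java.security.cert.CertificateFactory

// Assumptions: alias and default password as in Step 2 of the answer;
// certFile is a placeholder for wherever the exported certificate was saved.
String alias = 'server-cert'
File certFile = new File('C:/path/to/server-cert.cer')
char[] storePass = System.getProperty('javax.net.ssl.trustStorePassword', 'changeit').toCharArray()

// SHA-256 fingerprint of a certificate as lowercase hex.
def fingerprint = { Certificate c ->
    MessageDigest.getInstance('SHA-256').digest(c.encoded).encodeHex().toString()
}

// Resolve the truststore the way JSSE does: explicit system property first,
// then jssecacerts, then cacerts under the running JVM's java.home.
String javaHome = System.getProperty('java.home')
String override = System.getProperty('javax.net.ssl.trustStore')
File store = override ? new File(override) :
    [new File(javaHome, 'lib/security/jssecacerts'),
     new File(javaHome, 'lib/security/cacerts')].find { it.exists() }

println "java.home       : ${javaHome}"
println "effective store : ${store}"
if (store == null || !store.exists()) {
    println 'No truststore file found at the resolved location'
    return
}

// Load the store and look up the alias that keytool was told to create.
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType())
store.withInputStream { ks.load(it, storePass) }
Certificate imported = ks.getCertificate(alias)
println "alias '${alias}' : ${imported ? fingerprint(imported) : 'NOT PRESENT in this store'}"

// If the exported file is available, confirm the stored entry is the same certificate.
if (certFile.exists()) {
    Certificate exported = certFile.withInputStream {
        CertificateFactory.getInstance('X.509').generateCertificate(it)
    }
    println "exported file   : ${fingerprint(exported)}"
    println "match           : ${imported != null && imported == exported}"
}
```

If the alias is reported as not present, the import went into a different `cacerts` than the one under the printed `java.home`.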

Hi Dineshh, thank you for the quick response, but unfortunately the issue still persists. Could you please provide further guidance or, if necessary, could we arrange a call, or would someone from the Katalon support team connect with me to troubleshoot the issue directly on my machine?

If you are a paid user, kindly submit a support ticket with Katalon. They will advise on the next steps.