Please try the following to resolve the error. This error usually happens when Basic Authentication is sent but there is an incorrect username or password. This error can also happen when there is an incorrect certificate being used with correct credentials.
Therefore, please start off by seeing if this could be a username and password validation issue. Please ensure that a correct username/password is entered in the SOAPUI basic auth screen and the raw request contains “Authorization: Basic XXXXXXXXXX” header.
- Decode the value with a base 64 decoder (username:password): https://www.base64decode.org/
Make sure that your request is not missing the HTTP auth header, and also check to make sure that the ‘authenticate preemptively’ box is checked (see ‘Pre-emptive auth’ on the same screen where you supply username and password).
The Certificate Signing Request is a prerequisite to get your application certificate (cert.pem), which is required to establish a two-way SSL connection. Additionally, you will need a root certificate (VICA-SBX.pem) and your private key. Refer to this page and watch the Two-Way SLL Tutorial Video. https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl#
You have two options to generate a Certificate Signing Request (CSR):
Have Visa generate a CSR for you (recommended)
Select "generate a CSR from me" when you create a new Visa Developer application. When you select this option, Visa will generate a CSR for you, and you will be prompted to save your private key file when it is downloaded through your browser. Once you save your private key, go to your Visa app page and download your client certificate (cert.pem), as well as your root certificate (VICA-SBX.pem). You will then have everything you need to create a key store.
Generate your own CSR
You can choose to create your own CSR. The Visa Developer Getting Started Guide provides detailed steps on how to generate CSRs: https://developer.visa.com/vdpguide#twowayssl. Please note that you have to fill out all required fields in your Certificate Request. Also note that the organization name and unit fields do not accept punctuation characters – your CSR will be deemed invalid if you use these characters. Once you have a CSR file, go ahead and create a Visa app, choose "Submit my own CSR", and upload your CSR file. During the CSR creation process, take note of the file containing your private key. Once you upload your CSR, go to your Visa app page, and download your client certificate (cert.pem), as well as your root certificate (VICA-SBX.pem). You will then have everything you need to create a key store.
Continuing to the Key Store
Once you have a private key and two certificate files in your local directory, you will need to combine them into a key store. You can decide whether to use Java Key Store (JKS) or PKCS (P12) key store, depending on what your development environment requires. There are sections in “getting started” ->“Using two-way SSL” (https://developer.visa.com/vdpguide#twowayssl), that describe how to create each type of key store, please follow those steps. Note, that the root certificate is not needed for a P12 file, you can create a P12 file out of two files: private key and cert.pem
Please make sure that you included client certificate in the key store, and that the correct key store is included in your SOAPUI project. For your project to work, please see the instructions in the getting started guide and follow the instructions in exact step-by-step: https://developer.visa.com/guides/vdpguide
For openssl: Create the PKCS12 (P12) Certificate Store Using OpenSSL.
For java keytool: Configuring Two-Way SSL Keystore with Java Keytool
Double check step3 in Testing Two-Way SSL Connectivity using SOAPUI
If this doesn’t fix the problem, please send us raw HTTP request and response (available in SOAPUI by selecting ‘RAW’ tab on both request and response) and include screenshots too.