diff --git a/.gitignore b/.gitignore index 863349c70f95135ceae5cde61b0c3f1ef1f72609..5224ca6b7f08eb7734745f69e8bd1cf18cc2eb9b 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ build/ ### VS Code ### .vscode/ + +application-sec.yml diff --git a/xta-adapter/pom.xml b/xta-adapter/pom.xml index 6b216bd1d73d1ce3462461d767731e076b2eda37..4740b9a1e26f4d48304d9a58ae35e73a72bb53cc 100644 --- a/xta-adapter/pom.xml +++ b/xta-adapter/pom.xml @@ -40,6 +40,11 @@ <groupId>org.springframework.ws</groupId> <artifactId>spring-ws-support</artifactId> </dependency> + <dependency> + <groupId>org.springframework.ws</groupId> + <artifactId>spring-ws-test</artifactId> + <scope>test</scope> + </dependency> <!--own project --> <dependency> <groupId>de.itvsh.kop.eingangsadapter</groupId> diff --git a/xta-adapter/readme.md b/xta-adapter/readme.md index 9381635bcfd41fd16ed992cd5ae185155758ea17..e5541a8c2d6463b3fe7f426ba12f5e3d22d25661 100644 --- a/xta-adapter/readme.md +++ b/xta-adapter/readme.md @@ -1,5 +1,22 @@ +# Keystore passwort +Das Keystore und Passwort müssen extra hinzugefügt werden. Keystore irgendwo im Dateisystem ablegen. +Dazu eine Datei 'application-sec.yml' anlegen: + +ozgcloud: + xta: + keystore: + store: file:<pfad zum keystore> + password: <geheim> + +Den Dienst dann mit dem Spring-Profile 'sec' starten. + # Ceritifcade chain lokal das Root CA in keystore laden: - sudo keytool -trustcacerts -keystore /lib/jvm/java-1.17.0-openjdk-amd64/lib/security/cacerts -storepass changeit -importcert -alias dataportRoot -file DataportRootCA02.crt \ No newline at end of file + sudo keytool -trustcacerts -keystore /lib/jvm/java-1.17.0-openjdk-amd64/lib/security/cacerts -storepass changeit -importcert -alias dataportRoot -file DataportRootCA02.crt + +# Port forwarding +Um eine Verbindung zum Nachrichtenbroker aufbauen zu können, muss diese über den Hetzner-Server geroutet werden: + +ssh -L 3000:[Hetzner-Server-IP]:443 ozg-sh.de \ No newline at end of file 
diff --git a/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteService.java b/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteService.java index 40d588c0f0369bbf81b4bdab4da8f90172d2fded..931703ba2c606202b7552a5255b3fa54662c2ce9 100644 --- a/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteService.java +++ b/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteService.java @@ -22,8 +22,6 @@ import eu.osci.ws._2008._05.transport.ObjectFactory; @Service class XtaRemoteService { - private static final String URI_TEMPLATE = "https://%s/MB_XTA-WS/XTA210msgBoxPort.svc"; - @Autowired @Valid private XtaProperties properties; @@ -55,7 +53,7 @@ class XtaRemoteService { private URI getTargetUri() { try { - return new URI(URI_TEMPLATE.formatted(properties.getServer().getName())); + return new URI(XtaRemoteServiceConfiguration.URI_TEMPLATE.formatted(properties.getServer().getName())); } catch (URISyntaxException e) { throw new TechnicalException("Error building target url: " + e); } diff --git a/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteServiceConfiguration.java b/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteServiceConfiguration.java index d4032da259127b2a444ca516173bc95f048e0935..f57da92e4d07104177b6bd892fc7a8071fd72688 100644 --- a/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteServiceConfiguration.java +++ b/xta-adapter/src/main/java/de/ozgcloud/eingang/xta/XtaRemoteServiceConfiguration.java @@ -10,9 +10,7 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; 
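Review bot: A missing `ozgcloud.xta.server.name` does not fail in `getTargetUri()`: `URI_TEMPLATE.formatted(null)` yields `https://null/MB_XTA-WS/XTA210msgBoxPort.svc`, which parses as a valid URI, so the `URISyntaxException` branch never fires. This commit also removes the `server` defaults from application.yml, so outside the `local` profile both this call and the `destinationProvider()` hunk in XtaRemoteServiceConfiguration, which formats `getServer().getAddress()`, depend on externally supplied values. Unless XtaProperties already constrains these fields (not visible here), I would reject a missing value before formatting, e.g. `var host = Objects.requireNonNull(properties.getServer().getName(), "ozgcloud.xta.server.name is not set");`. The unchanged catch line also concatenates the exception into the message instead of passing it as the cause, unlike `destinationProvider()`.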
@@ -20,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.webservices.client.WebServiceTemplateCustomizer; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; import org.springframework.oxm.jaxb.Jaxb2Marshaller; import org.springframework.ws.client.support.destination.DestinationProvider; import org.springframework.ws.client.support.interceptor.ClientInterceptor; @@ -33,7 +32,7 @@ import de.itvsh.kop.eingangsadapter.common.errorhandling.TechnicalException; @Configuration public class XtaRemoteServiceConfiguration { - private static final String KEYSTORE_TYPE = "PKCS12"; + static final String URI_TEMPLATE = "https://%s/MB_XTA-WS/XTA210msgBoxPort.svc"; @Autowired private XtaProperties properties; @@ -47,9 +46,9 @@ public class XtaRemoteServiceConfiguration { } @Bean + @Profile("local") WebServiceTemplateCustomizer webServiceTemplateCustomizer() { - return template -> template - .setMessageSender(messageSender()); + return template -> template.setMessageSender(messageSender()); } @Bean @@ -79,7 +78,7 @@ public class XtaRemoteServiceConfiguration { DestinationProvider destinationProvider() { return () -> { try { - return new URI("https://localhost:3000/MB_XTA-WS/XTA210msgBoxPort.svc"); + return new URI(URI_TEMPLATE.formatted(properties.getServer().getAddress())); } catch (URISyntaxException e) { throw new TechnicalException("Error building URI", e); } 
@@ -94,26 +93,18 @@ public class XtaRemoteServiceConfiguration { } @Bean + @Profile("local") WebServiceMessageSender messageSender() { - return initMessageSender(); - } - - HttpsUrlConnectionMessageSender initMessageSender() { try { var keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(xtaKeyStore(), properties.getKeyStore().getPassword()); - var messageSender = new HttpsUrlConnectionMessageSender(); - messageSender.setKeyManagers(keyManagerFactory.getKeyManagers()); - messageSender.setTrustManagers(new TrustManager[] { new UnTrustworthyTrustManager() }); - messageSender.setHostnameVerifier(new HostnameVerifier() { - - @Override - public boolean verify(String hostname, SSLSession session) { - return true; - } - }); - return messageSender; + var messageSender1 = new HttpsUrlConnectionMessageSender(); + messageSender1.setKeyManagers(keyManagerFactory.getKeyManagers()); + messageSender1.setTrustManagers(new TrustManager[] { new UnTrustworthyTrustManager() }); + messageSender1.setHostnameVerifier((hostname, session) -> true); // NOSONAR only for test/local + + return messageSender1; } catch (Exception e) { throw new TechnicalException("Error initializating message sender.", e); } @@ -122,11 +113,8 @@ public class XtaRemoteServiceConfiguration { @Bean KeyStore xtaKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { var keyStoreResource = properties.getKeyStore().getFile(); -// var keysres = XtaRemoteServiceConfiguration.class.getResourceAsStream("/KOP_SH_KIEL_DEV.p12"); -// assert (keysres != null); - var keyStore = KeyStore.getInstance(KEYSTORE_TYPE); + var keyStore = KeyStore.getInstance(properties.getKeyStore().getType()); try (InputStream keyStoreStream = keyStoreResource.getInputStream()) { -// try (InputStream keyStoreStream = keysres) { keyStore.load(keyStoreStream, properties.getKeyStore().getPassword()); } 
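Review bot: `messageSender()` still installs `UnTrustworthyTrustManager` and a hostname verifier that always returns true, and the only thing keeping that off a deployed instance is the profile name `local`. `application-local.yml` is added under src/main/resources, so the built artifact carries that profile, and activating it disables server authentication for the XTA connection. The `// NOSONAR only for test/local` comments here and in the `UnTrustworthyTrustManager` hunk state an intent that nothing enforces. Because `webServiceTemplateCustomizer()` is now `@Profile("local")` as well, the visible hunks leave no sender that presents the client certificate in any other profile (the rest of the class is not shown, so one may exist elsewhere). I would add a sender for all other profiles that sets only the key managers and leaves the JDK default trust and hostname checks in place, and let the customizer receive the sender as a parameter.

```java
@Bean
@Profile("!local")
WebServiceMessageSender verifiedMessageSender() {
	try {
		var keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
		keyManagerFactory.init(xtaKeyStore(), properties.getKeyStore().getPassword());

		// No setTrustManagers/setHostnameVerifier: the JDK default certificate
		// chain validation and hostname check stay in force.
		var sender = new HttpsUrlConnectionMessageSender();
		sender.setKeyManagers(keyManagerFactory.getKeyManagers());
		return sender;
	} catch (Exception e) {
		throw new TechnicalException("Error initializing verified message sender.", e);
	}
}

@Bean
WebServiceTemplateCustomizer webServiceTemplateCustomizer(WebServiceMessageSender sender) {
	return template -> template.setMessageSender(sender);
}

// … unchanged: @Profile("local") messageSender() with the trust-all setup …
```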
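Review bot: `xtaKeyStore()` carries no `@Profile`, and this commit removes `file: classpath:KOP_SH_KIEL_DEV.p12` from application.yml, so `properties.getKeyStore().getFile()` has no default any more. If no extra configuration supplies it, the failure would presumably surface as a NullPointerException at `keyStoreResource.getInputStream()` rather than a message naming the property, unless XtaProperties validates the field, which is not visible here. The readme added in the same commit documents the key as `store:` while the code reads `getFile()` and application-itcase.yml uses `file:`, so one of the two probably needs to change. A guard such as `if (keyStoreResource == null) throw new TechnicalException("ozgcloud.xta.keystore.file is not configured");` before `KeyStore.getInstance(...)` would make the failure readable. The method's return statement lies outside the hunk.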
@@ -135,16 +123,16 @@ public class XtaRemoteServiceConfiguration { static class UnTrustworthyTrustManager implements X509TrustManager { @Override - public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { // NOSONAR only for test/local } @Override - public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { // NOSONAR only for test/local } @Override public X509Certificate[] getAcceptedIssuers() { - return null; + return new X509Certificate[0]; } } } diff --git a/xta-adapter/src/main/resources/application-local.yml b/xta-adapter/src/main/resources/application-local.yml new file mode 100644 index 0000000000000000000000000000000000000000..b6142ac1f0bf25c9fa7d376a56af24772401d8cb --- /dev/null +++ b/xta-adapter/src/main/resources/application-local.yml @@ -0,0 +1,5 @@ +ozgcloud: + xta: + server: + address: localhost:3000 + name: LI33-0005 \ No newline at end of file diff --git a/xta-adapter/src/main/resources/application.yml b/xta-adapter/src/main/resources/application.yml index 980bf8410c7dbd86467d77344984a90869d0366e..710c65c658b1ff25b947a309ea3aac919be321d3 100644 --- a/xta-adapter/src/main/resources/application.yml +++ b/xta-adapter/src/main/resources/application.yml @@ -1,8 +1,3 @@ -spring: - profiles: - active: - - sec - logging: level: ROOT: WARN @@ -13,11 +8,7 @@ logging: ozgcloud: xta: max-list-elements: 10 - server: - name: LI33-0005 - address: localhost:3000 keystore: - file: classpath:KOP_SH_KIEL_DEV.p12 type: PKCS12 actions: status-list: "http://www.osci.eu/ws/2008/05/transport/urn/messageTypes/MsgBoxStatusListRequest" \ No newline at end of file 
diff --git a/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaApplicationTest.java b/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaApplicationTest.java new file mode 100644 index 0000000000000000000000000000000000000000..8a57fa742a42fcff3b0e51412ae89a1ced214de1 --- /dev/null +++ b/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaApplicationTest.java @@ -0,0 +1,20 @@ +package de.ozgcloud.eingang.xta; + +import static org.junit.Assert.*; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; + +import de.itvsh.kop.eingangsadapter.Application; + +@ActiveProfiles({ "local", "itcase" }) +@SpringBootTest(classes = Application.class) +class XtaApplicationTest { + + @Test + void startup() { + // should start without exception; + assertTrue(true); + } +} diff --git a/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaRemoteServiceITCase.java b/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaRemoteServiceITCase.java index d7a52c3a981c91efe6351daa10f95aaa0a570e73..ed30f74aa1a7955ed428ffbccea383b6a1963eee 100644 --- a/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaRemoteServiceITCase.java +++ b/xta-adapter/src/test/java/de/ozgcloud/eingang/xta/XtaRemoteServiceITCase.java @@ -2,10 +2,9 @@ package de.ozgcloud.eingang.xta; import static org.assertj.core.api.Assertions.*; -import java.net.URISyntaxException; - import jakarta.validation.Valid; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; 
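Review bot: `XtaApplicationTest` boots the context only with the profiles `local` and `itcase`, so the bean graph of every other profile, the one without the `@Profile("local")` sender and customizer, is never started by a test. A second start-up test without `local` would show whether the non-local wiring resolves and which properties it requires. Separately, `import static org.junit.Assert.*` is the JUnit 4 class inside a Jupiter test, and `assertTrue(true)` checks nothing; the import and the call can be dropped, leaving the comment `// should start without exception` as the body.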
@@ -13,14 +12,15 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.ActiveProfiles; import de.itvsh.kop.eingangsadapter.Application; -import eu.osci.ws._2008._05.transport.MsgStatusListType; +import lombok.SneakyThrows; -@ActiveProfiles({ "itcase", "local", "sec" }) +@Disabled("real live test - do only activate for manual testing") +@ActiveProfiles({ "itcase", "local" }) @SpringBootTest(classes = Application.class) class XtaRemoteServiceITCase { @Autowired - private XtaRemoteService xtaRemoteService; + private XtaRemoteService remoteService; @Autowired @Valid private XtaProperties xtaProperties; @@ -33,11 +33,16 @@ class XtaRemoteServiceITCase { } } - @Test - void test() throws URISyntaxException { - MsgStatusListType rsp = xtaRemoteService.getStatusList(); + @Nested + class TestGetStatusList { + + @SneakyThrows + @Test + void shouldSendRequestWithIdentifier() { + + remoteService.getStatusList(); - assertThat(rsp.getMessageMetaData()).isNotEmpty(); + } } } diff --git a/xta-adapter/src/test/resources/KOP_SH_KIEL_DEV.p12 b/xta-adapter/src/test/resources/KOP_SH_KIEL_DEV.p12 deleted file mode 100644 index 2fba6f4b2e751d74d1ce155b2f6415d83d256410..0000000000000000000000000000000000000000 Binary files a/xta-adapter/src/test/resources/KOP_SH_KIEL_DEV.p12 and /dev/null differ diff --git a/xta-adapter/src/test/resources/KOP_SH_KIEL_DEV.pfx b/xta-adapter/src/test/resources/KOP_SH_KIEL_DEV.pfx deleted file mode 100644 index e3cfb904cfa693ffa5e61e55c6bea59195d4a9c3..0000000000000000000000000000000000000000 Binary files a/xta-adapter/src/test/resources/KOP_SH_KIEL_DEV.pfx and /dev/null differ diff --git a/xta-adapter/src/test/resources/application-itcase.yml b/xta-adapter/src/test/resources/application-itcase.yml new file mode 100644 index 0000000000000000000000000000000000000000..3507852f0b2455e004e8ae452e19f9b5de411218 --- /dev/null +++ b/xta-adapter/src/test/resources/application-itcase.yml 
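Review bot: `shouldSendRequestWithIdentifier()` asserts nothing: the earlier `assertThat(rsp.getMessageMetaData()).isNotEmpty()` was dropped, so the test passes on any response that does not throw, and its name promises a check of the request identifier that is never made. Since the class is `@Disabled` for manual runs only, keeping at least `assertThat(remoteService.getStatusList()).isNotNull();` would make a manual run prove something. `@SneakyThrows` hides whatever checked exception the call declares; a plain `throws` clause, as the previous test had, reads more clearly. The `spring-ws-test` dependency added in pom.xml would also allow a mock-server variant of this test that can run unattended.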
@@ -0,0 +1,5 @@ +ozgcloud: + xta: + keystore: + file: classpath:xtaTestStore.p12 + password: <geheim> \ No newline at end of file diff --git a/xta-adapter/src/test/resources/xtaTestStore.p12 b/xta-adapter/src/test/resources/xtaTestStore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a0cc212c49745a428186d0d4f2f73dd6ac7f24ff Binary files /dev/null and b/xta-adapter/src/test/resources/xtaTestStore.p12 differ
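Review bot: `password: <geheim>` is passed as-is to `keyStore.load(...)` in `xtaKeyStore()`, so either xtaTestStore.p12 really is protected with that literal string or the start-up test cannot open it. A comment above the key should say which, and that the store holds only generated test material, e.g. `# test-only keystore with a self-signed throwaway key, not a real credential`. The same commit deletes KOP_SH_KIEL_DEV.p12 and KOP_SH_KIEL_DEV.pfx, which remain retrievable from the repository history. If they contained a real client key for the message broker, that key should be treated as exposed and replaced.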