Using Virtualize with SSL

Chris Colosimo, admin
edited December 2016 in Virtualize

Basic Concepts of Virtualize SSL

There are two roles that Virtualize can play:
1. When Virtualize receives messages from an Application Under Test (AUT), it functions as the server in the SSL model.
2. When Virtualize is acting as a proxy, it functions as the client in the SSL model.

These two roles require different configurations.

Both roles require:

  1. A certificate/private key pair contained in a keystore
  2. Installation of the Unlimited Strength JCE (see Help > Help Contents > Parasoft SOAtest User's Guide > Reference > Preference Settings > Security Settings > JCE Prerequisite)

Configuring SSL when Virtualize is the Server

What you will need:

  1. A certificate/private key pair that the application will accept. This generally means at minimum a self-signed certificate/private key pair whose common name (CN) parameter matches the fully qualified name of the server. So if your Virtualize server URL is http://myserver.mycompany.com, the CN parameter should be "myserver.mycompany.com". Depending on your company's security policy, you may also need the certificate signed by your company's certificate authority.
  2. Access to the Virtualize and SOAtest (if you have SOAtest installed) installation directories. If you have SOAtest and Virtualize installed, you will use "SOAtest installation directory" for step 1 below. If you only have Virtualize installed, you will use "Virtualize installation directory" in step 1 below.

To perform the configuration:

  1. Stop the Virtualize server if it is running
  2. Navigate to "Virtualize installation directory or SOAtest installation directory"/eclipse/plugins/com.parasoft.xtest.libs.web_"version"/root/tomcat/conf and open server.xml
  3. Search for the text SSLEnabled="true"

You will see a section that looks like this:
<Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false" connectionTimeout="20000" enableLookups="false" keyAlias="mykey" keystoreFile="../lib/cacerts" keystorePass="changeit" keystoreType="JKS" maxThreads="150" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" server="Parasoft Server" sslProtocol="TLS" truststoreFile="../lib/cacerts" truststorePass="changeit" truststoreType="JKS"/>

In this section:

  - Modify keystoreType to one of PKCS12, JKS, BKS, UBER, or PEM depending on the type of keystore you're using
  - Modify keystoreFile to point to your keystore file. Use forward slashes (/) instead of backslashes (\), e.g. C:/Users/myUser/keystore.jks
  - Modify keystorePass to be the password to your keystore
  - Modify keyAlias to point to the alias of the certificate/private key pair

If you are performing 2-way SSL (client-certificate verification), also:

  - Modify truststoreType to one of PKCS12, JKS, BKS, UBER, or PEM depending on the type of truststore you're using
  - Modify truststoreFile to point to your truststore file. Use forward slashes (/) instead of backslashes (\), e.g. C:/Users/myUser/keystore.jks
  - Modify truststorePass to be the password to your truststore

You're done! Restart the Virtualize server and the deployed certificate will be used for any SSL connections to port 9443 on your Virtualize server. If you are not able to connect to this port, check the files in "Virtualize installation directory or SOAtest installation directory"/eclipse/plugins/com.parasoft.xtest.libs.web_"version"/root/tomcat/log for error details.
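A small linter for the edited Connector, as an added example that is not Parasoft's code: it flags values left at the shipped defaults, backslashes in store paths, and a truststore change that clientAuth does not act on. The function name and the second sample are constructed for illustration; the clientAuth check assumes standard Tomcat behaviour, where a client certificate is only requested when clientAuth is "true" or "want".

```python
import xml.etree.ElementTree as ET

# Values found in the Connector as shipped (copied from the snippet above).
SHIPPED_KEY = {"keyAlias": "mykey", "keystoreFile": "../lib/cacerts", "keystorePass": "changeit"}
SHIPPED_TRUST = {"truststoreFile": "../lib/cacerts", "truststorePass": "changeit"}
STORE_TYPES = {"PKCS12", "JKS", "BKS", "UBER", "PEM"}  # types listed above

# The shipped Connector, abbreviated to the SSL-related attributes.
SHIPPED = ('<Connector SSLEnabled="true" clientAuth="false" keyAlias="mykey" '
           'keystoreFile="../lib/cacerts" keystorePass="changeit" keystoreType="JKS" '
           'port="9443" truststoreFile="../lib/cacerts" truststorePass="changeit" '
           'truststoreType="JKS"/>')
# Constructed sample of an edit that went wrong in two ways (raw string: backslashes).
EDITED = (r'<Connector SSLEnabled="true" clientAuth="false" keyAlias="virtualize" '
          r'keystoreFile="C:\Users\myUser\keystore.jks" keystorePass="constructed-pass" '
          r'keystoreType="JKS" port="9443" truststoreFile="C:/Users/myUser/trust.jks" '
          r'truststorePass="constructed-pass" truststoreType="JKS"/>')


def lint_ssl_connector(server_xml):
    """Return findings for each SSLEnabled="true" Connector; never echoes passwords."""
    root = ET.fromstring(server_xml)
    connectors = [c for c in root.iter("Connector") if c.get("SSLEnabled") == "true"]
    if not connectors:
        return ['no Connector with SSLEnabled="true" found']
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        for attr, shipped in SHIPPED_KEY.items():
            if c.get(attr) == shipped:
                findings.append(f"port {port}: {attr} still has the shipped value")
        for attr in ("keystoreType", "truststoreType"):
            value = c.get(attr)
            if value is not None and value not in STORE_TYPES:
                findings.append(f"port {port}: {attr}={value} is not a listed type")
        for attr in ("keystoreFile", "truststoreFile"):
            if "\\" in (c.get(attr) or ""):
                findings.append(f"port {port}: {attr} uses backslashes, use /")
        two_way = c.get("clientAuth") in ("true", "want")
        trust_changed = any(c.get(a) != v for a, v in SHIPPED_TRUST.items())
        if trust_changed and not two_way:
            findings.append(f"port {port}: truststore set but clientAuth is not "
                            "true/want, so no client certificate is requested")
        if two_way and not trust_changed:
            findings.append(f"port {port}: clientAuth enabled but truststore "
                            "still has the shipped values")
    return findings


if __name__ == "__main__":
    for name, xml in (("shipped", SHIPPED), ("edited", EDITED)):
        print(name, *lint_ssl_connector(xml), sep="\n  ")
```

Pass the full text of server.xml to `lint_ssl_connector`; an empty list means none of these checks fired.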

Configuring SSL when Virtualize is the Client (Message Proxies)

The process of configuring SSL for a message proxy is quite straightforward. Simply add an HTTP connection to your message proxy and perform the following additional steps:

  1. Switch to the Security tab
  2. Check Use SSL when connecting to the service
  3. If you would like to trust all certificates or self-signed certificates, ensure those boxes are checked.
  4. If you would like to specify a truststore instead, fill out the Truststore tab.

This is all you need for 1-way SSL. For 2-way SSL, additionally:
  1. Fill out the Keystore tab with your keystore file, password, and type.
  2. Click the Load button and select the certificate alias for SOAtest to present to the server from the Certificate dropdown. If the Certificate dropdown is not populated when you click Load, you may have entered the incorrect password or keystore type.
