Enable HTTPS and SSL between All DevTest Components

Article ID: 109006

Products

CA Application Test, CA Continuous Application Insight (PathFinder), Service Virtualization

Issue/Introduction

How to enable HTTPS and SSL between DevTest Components.

Section one is for using your own keystore.

Section two is for using the DevTest default keystore (webreckeys.ks) 

Additional Information: Create a New Keystore with OpenSSL and Keystore Explorer

 

Environment

All supported DevTest releases.

Cause

N/A

Resolution

Section one: Enable HTTPS and SSL between All DevTest Components Using Your Own Keystore

 

NOTE:  DevTest does not like the following special characters in keystore passwords: /, \, %

When creating the keystore passwords for DevTest, do not use these characters.  Use this rule when creating any keystore password on DevTest regardless of component.

 

The keystore will need to have the entire needed certificate chain (root, intermediate, server).  


Put the keystore in the DEVTEST_HOME folder on each machine where a component is running.


Update these properties files and restart DevTest Components:

 

iam.properties file where Identity Access Manager (IAM) is running. By default, IAM is HTTPS enabled.

iam.keystore=${IAM_HOME}certs/<your keystore here>
iam.keystore.password=<your keystore password, it gets stored in vault after IAM is started>
iam.truststore=${IAM_HOME}certs/iam-truststore.ks
iam.truststore.password=${VAULT::IAM::IAM_TRUSTSTORE_PASSWORD::1}

NOTE: If configuring LDAPS with IAM, the LDAP server certificate must be included in the iam-truststore.ks.

 


dradis.properties file where your Enterprise Dashboard is running:

dradis.webserver.https.enabled=true 
dradis.webserver.ssl.keystore.location=${DRADIS_HOME}YOURKEYSTORE 
dradis.webserver.ssl.keystore.password=(your keystore password) 
dradis.webserver.ssl.keymanager.password=(your keymanager password) 



site.properties file where the Registry is running:

devtest.enterprisedashboard.https.enabled=true 



phoenix.properties file where the Portal is running:

registry.host=(hostname of your Registry)

registry.https.enabled=true 

phoenix.https.enabled=true 
phoenix.ssl.keystore=${LISA_HOME}/(your keystore) 
phoenix.ssl.keystore.password=(your keystore password) 
phoenix.ssl.keymanager.password=(your keymanager password) 


reshub.hostname=(hostname of your Portal)


local.properties file where each DevTest component is installed (on every machine in a distributed installation, for example with multiple Simulators and VSEs):

lisa.net.keyStore={{LISA_HOME}}/(your keystore)
lisa.net.keyStore.password=(your keystore password)

lisa.net.trustStore={{LISA_HOME}}/(your keystore)
lisa.net.trustStore.password=(your keystore password)

lisa.net.default.protocol=ssl 

lisa.webserver.https.enabled=true 
lisa.webserver.ssl.keystore.location={{LISA_HOME}}/(your keystore) 
lisa.webserver.ssl.keystore.password=(your keystore password) 
lisa.webserver.ssl.keymanager.password=(your keymanager password) 

lisa.portal.url.prefix=https:// 
 

 

Workstation: To connect to the Registry over SSL, configure the following properties in local.properties.

lisa.net.trustStore={{LISA_HOME}}yourtruststore.jks
lisa.net.trustStore.password=yourpassword

 

VSCatalog

vscatalog.vmoptions (if running as a server) or vscatalogService.vmoptions (if running as a service) where the VS Catalog is running:

-Dsvcatalog.auth.host.url=https://IAM_MACHINE:51111/auth    <=== where your IAM is running
-Dserver.ssl.key-store=file:///C:/DevTest10.6.0/VSCatalog/YOURKEYSTORE    <=== fully qualified path to where your keystore is (this example is on Windows)
-Dserver.ssl.key-password=YOURKEYSTOREPASWD    <=== password of keystore (note it will not get encrypted)
-Dserver.ssl.key-alias=KEYSTOREALIASNAMEOFYOURKEYPAIR    <=== make sure the alias name has no spaces
-Dserver.ssl.key-store-provider=SUN
-Dserver.ssl.key-store-type=JKS
-Dlisa.webserver.https.enabled=true
 

Add a truststore to vscatalog.vmoptions:
-Djavax.net.ssl.trustStore=c:/devtest/WVD009.ks 
-Djavax.net.ssl.trustStorePassword=some_password 

Alternatively, you can add the certificate to the cacerts file in vscatalog_install_folder/jre/lib/security.

 

Note: If you face any SSL issues when starting the SSL-enabled Broker service, see the document linked below:

Limitations in using Your Own Keystore for DevTest Broker Service
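
A check for the property edits described in this section, as an added example that is not part of the original article or of DevTest: it parses one properties file and reports HTTPS settings that are missing or still commented out, and passwords containing /, \ or %. The function names, the finding messages and the sample file are assumptions, as is applying the password rule to every key ending in `.password`.

```python
# Values Section one of the article sets in each file (keystore paths/passwords are site-specific).
REQUIRED = {
    "dradis.properties": {"dradis.webserver.https.enabled": "true"},
    "site.properties": {"devtest.enterprisedashboard.https.enabled": "true"},
    "phoenix.properties": {"registry.https.enabled": "true", "phoenix.https.enabled": "true"},
    "local.properties": {"lisa.net.default.protocol": "ssl",
                         "lisa.webserver.https.enabled": "true",
                         "lisa.portal.url.prefix": "https://"},
}
FORBIDDEN = set("/\\%")  # characters the article says to keep out of keystore passwords

def parse_properties(text):
    """Parse key=value lines; commented-out ('#' or '!') keys do not count as set."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(filename, text):
    """Return findings for one properties file (audit() and its messages are hypothetical)."""
    props = parse_properties(text)
    findings = []
    for key, want in REQUIRED.get(filename, {}).items():
        if props.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {props.get(key)!r}")
    for key, value in props.items():
        bad = sorted(FORBIDDEN & set(value))
        if key.endswith(".password") and bad:
            findings.append(f"{key}: password contains {''.join(bad)}")
    return findings

# Constructed sample: HTTPS left commented out and a keystore path pasted as the password.
SAMPLE_LOCAL = """\
lisa.net.keyStore={{LISA_HOME}}/mykeystore.jks
lisa.net.keyStore.password={{LISA_HOME}}/mykeystore.jks
lisa.net.default.protocol=ssl
#lisa.webserver.https.enabled=true
lisa.portal.url.prefix=https://
"""

if __name__ == "__main__":
    for finding in audit("local.properties", SAMPLE_LOCAL):
        print(finding)
```

Run it against each component's file before restarting, since a property left commented out is reported the same way as one that is absent.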

 

Section two: Enable HTTPS and SSL between All DevTest Components Using the DevTest Default Keystore (webreckeys.ks)

 

The DevTest default keystore is webreckeys.ks.

Update the below properties files and restart all DevTest Components.

 

IAM

By default, IAM is HTTPS enabled and uses the keystore webreckeys.ks, so nothing needs to be done.

 

Enterprise Dashboard

In the dradis.properties file where your Enterprise Dashboard is running, you only need to uncomment the property below and set it to true:

dradis.webserver.https.enabled=true 

 

Registry

In the site.properties file where the Registry is running, you only need to uncomment the property below and set it to true:

devtest.enterprisedashboard.https.enabled=true 

 

Portal

In the phoenix.properties file where the Portal is running, you only need to uncomment the properties below and set them to true:

registry.https.enabled=true 

phoenix.https.enabled=true 

 

All components

local.properties file where each DevTest component is installed (on every machine in a distributed installation):

lisa.net.default.protocol=ssl 

lisa.webserver.https.enabled=true 

lisa.portal.url.prefix=https:// 

 

 

Additional Information

Create a New Keystore with OpenSSL and Keystore Explorer

Set the system environment variable for OpenSSL:

OPENSSL_CONF=C:\Program Files (x86)\GnuWin32\share\openssl.cnf

Create a private key:

openssl req -new -newkey rsa:2048 -nodes -keyout C:\Certificates_and_Keystores\yourprivate.key

Create a Certificate Signing Request:

openssl req -new -sha256 -key yourprivate.key -out your.csr

Send the your.csr to your Certificate Authority (CA).

The CA will send you your certificate, for example: yourcertificate.pem

 

Use Keystore Explorer for the remaining steps:

Create a new Keystore

New Keystore Type is JKS

Import Key Pair

Import Key Pair Type is OpenSSL

Browse to get your yourprivate.key file

Browse to get your certificate yourcertificate.pem file.

Import

Then import the intermediate certificate.

Then import the root certificate.

Your keystore is ready to use with DevTest.

 

OpenSSL software:  https://www.openssl.org/

KeyStore Explorer software: https://keystore-explorer.org/downloads.html

 

Of SSL, SNI, Java and DevTest 

https://community.broadcom.com/enterprisesoftware/viewdocument/of-ssl-sni-java-and-devtest?CommunityKey=94bda077-625b-4914-8ac3-c88a06c2cc23&tab=librarydocuments