search cancel

Enable HTTPS and SSL between All DevTest Components


Article ID: 109006


Updated On:


CA Application Test CA Continuous Application Insight (PathFinder) Service Virtualization


How to enable HTTPS and SSL between DevTest Components.

Section one is for using your own keystore.

Section two is for using the DevTest default keystore (webreckeys.ks) 

Additional Information: Create a New Keystore with OpenSSL and Keystore Explorer



All supported DevTest releases.




Section one: Enable HTTPS and SSL between All DevTest Components Using Your Own Keystore


NOTE:  DevTest does not like the following special characters in keystore passwords: /, \, %

When creating the keystore passwords for DevTest, do not use these characters.  Use this rule when creating any keystore password on DevTest regardless of component.


The keystore will need to have the entire needed certificate chain (root, intermediate, server).  

Put the keystore in the DEVTEST_HOME folder of where each component is running.

Update these properties files and restart DevTest Components: file of where Identity Access Manager (IAM) is running:  By default IAM is https enabled.

iam.keystore=${IAM_HOME}certs/<your keystore here>
iam.keystore.password=<your keystore password, it gets stored in vault after IAM is started>

NOTE: If configuring LDAPS with IAM, the LDAP server certificate must should be included in the iam-trustore.ks. file of where your Enterprise Dashboard is running: 

dradis.webserver.ssl.keystore.password=(your keystore password) 
dradis.webserver.ssl.keymanager.password=(your keymanager password) file of where Registry is running: 

devtest.enterprisedashboard.https.enabled=true of where Portal is running: of your Registry)


phoenix.ssl.keystore=${LISA_HOME}/(your keystore) 
phoenix.ssl.keystore.password=(your keystore password) 
phoenix.ssl.keymanager.password=(your keymanager password) 

reshub.hostname=(hostname of your Portal) file of where each DevTest component is installed in case distributed (in case of multiple Simulators and VSEs):{{LISA_HOME}}/(your keystore){{LISA_HOME}}/(your keystore){{LISA_HOME}}/(your keystore){{LISA_HOME}}/(your keystore) 

lisa.webserver.ssl.keystore.location={{LISA_HOME}}/(your keystore) 
lisa.webserver.ssl.keystore.password=(your keystore password) 
lisa.webserver.ssl.keymanager.password=(your keymanager password) 



Workstation: To connect to Registry on SSL, need to configure the below properties in{{LISA_HOME}}yourtruststore.jks



vscatalog.vmoptions (if running as a server) or vscatalogService.vmoptions (if running as a service) of where the VS Catalog is running:                                                  <=== where your IAM is running
-Dserver.ssl.key-store=file:///C:/DevTest10.6.0/VSCatalog/YOURKEYSTORE                        <=== fully qualified path to where your keystore is    (this example on Windows)
-Dserver.ssl.key-password=YOURKEYSTOREPASWD                                                           <=== password of keystore (note it will not get encrypted)
-Dserver.ssl.key-alias=KEYSTOREALIASNAMEOFYOURKEYPAIR                                       <=== make sure the alias name has no spaces 

 add a truststore in to vscatalog.vmoptions: 

4) alternatively  you can to add cert to cacerts file in vscatalog_install_folder/jre/lib/security 


Note: When starting SSL enabled Broker service , if you face any SSL issues, please see the document link below

Limitations in using Your Own Keystore for DevTest Broker Service


Section two: Enable HTTPS and SSL between All DevTest Components Using the DevTest Default Keystore (webreckeys.ks)


The DevTest default keystore is webreckeys.ks.

Update the below properties files and restart all DevTest Components.



By default, IAM is https enable and uses keystore webreckeys.ks, so nothing needs to be done.


Enterprise Dashboard file of where your Enterprise Dashboard is running, only need to uncomment the below property and set to true:



Registry file of where Registry is running, only need to uncomment the below property and set to true:



Portal of where Portal is running, only need to uncomment the below properties and set to true:




All components file of where each DevTest component is installed in case distributed: 





Additional Information

Create a New Keystore with OpenSSL and Keystore Explorer

Need to set System Environment Variable for OpenSSL:

OPENSSL_CONF=C:\Program Files (x86)\GnuWin32\share\openssl.cnf

Create a private key:

openssl req -new -newkey rsa:2048 -nodes -keyout C:\Certificates_and_Keystores\yourprivate.key

Create a Certificate Signing Request:

openssl req -new -sha256 -key yourprivate.key -out your.csr

Send the your.csr to your Certificate Authority (CA).

The CA will send you your certificate:  example: yourcertificate.pem


Use Keystore Explorer for the remaining steps:

Create a new Keystore

New Keystore Type is JKS

Import Key Pair

Import Key Pair Type is OpenSSL

Browse to get your yourprivate.key file

Browse to get your certificate yourcertificate.pem file.


Then import the intermediate certificate.

Then import the root certificate.

Your keystore is ready to use with DevTest.


OpenSSL software:

KeyStore Explorer software:


Of SSL, SNI, Java and DevTest