Release : 10.4
Component : CA Service Virtualization
Create a signed CA Cert for the Server that has IAM , Registry, VSE , portal, Broker.Coordinator, Simulator . Make sure you use the FQDN and Short names for the Domain name.
The keystore and trustStore will need to have the entire needed certificate chain (root, intermediate, server).
Here are the configuration that you would do..
**************************************
1. Configure IAM for SSL : How to implement a keystore with a CA chain with DevTest IAM
Change webreckeys.ks to be your keystore and passphrase to be your password.
Restarted IAM and was able to bring up the browser and show the IAM URL as being secured.
Bring up Browser and enter URL https://
:51111 for IAM.
Note: Have noticed with Firefox, that the certificate chain is not automatically pulled into the browser, so the root and intermediate certificates had to be manually imported into the Firefox. Chrome and IE work without having to do this.
2. To enable HTTPS with Enterprise Dashboard :
In the Enterprise Dashboard Server, edit the dradis.properties file and uncomment the following properties, provide your own keystore or leave the default:
dradis.webserver.https.enabled=true
dradis.webserver.ssl.keystore.location=keystore.jks (do not provide {{DRADIS_HOME}}, place the keystore under LISA_HOME and provide the keystore name in this property)
dradis.webserver.ssl.keystore.password=yourpassword
dradis.webserver.ssl.keymanager.password=yourpassword
3. This property enables SSL communication between components - Registry, Broker, Coordinator, Simulator, VSE, and Workstation
In the local.properties enabled the following property:
lisa.net.default.protocol=ssl
This property enables SSL communication between components - Registry, Broker, Coordinator, Simulator, VSE, and Workstation
If DevTest is installed in a distributed environment, the property above needs to be enabled in each server.
By default DevTest will use the webreckeys.ks. A self-signed keystore delivered with DevTest issued to Lisa.
To use your own keystore and not the webreckeys.ks, provide your keystore under the properties below in the local.properties file in the Registry server:
lisa.net.keyStore={{LISA_HOME}}keystore.jks
lisa.net.keyStore.password=PlainTextPasswordWilBeConvertedToEncrypted
When you are using your own keystore, you will need to create a truststore with the keypair certificate and provide it with the two properties below:
lisa.net.trustStore={{LISA_HOME}}truststore.ts
lisa.net.trustStore.password=PlainTextPasswordWilBeConvertedToEncrypted
More details to create the truststore in the link below:
https://docops.ca.com/devtest-solutions/10-3/en/administering/security/using-ssl-to-secure-communication/use-your-own-self-signed-certificate/
Without the truststore, the Coordinator, Simulator, VSE and Workstation will not be able to connect to the Registry.
You will start seeing the following messages in the registry.log file:
SEVERE: Could not accept connection : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
If you have a distributed environment, the truststore needs to be provided in each remote server as well.
Still in the Registry server, edit the local.properties and enable the following properties:
lisa.webserver.https.enabled=true
lisa.webserver.ssl.keystore.location={{LISA_HOME}}webserver.ks
lisa.webserver.ssl.keystore.password=yourpassword
lisa.webserver.ssl.keymanager.password=yourpassword
lisa.portal.url.prefix=https://
These properties enable HTTPS on port 1505 - the previous DevTest Console.
For TLSv version
in the local.properties add
https.protocols=TLSv1.2
4, In the Portal server, edit the phoenix.properties file, uncomment and configure the following properties:
registry.https.enabled=true
phoenix.https.enabled=true
phoenix.ssl.keystore=${LISA_HOME}/keystore.jks
phoenix.ssl.keystore.password=yourpassword
phoenix.ssl.keymanager.password=yourpassword
Save the modified properties files.
Restart DevTest components.