Limitations in using Your Own Keystore for DevTest Broker Service


Article ID: 205742


Updated On:


CA Cloud Test Mobile, CA Application Test, Service Virtualization


We have two vulnerabilities that popped up as soon as we started using the Broker

1. Self-signed certificate - we are unable to use our own certificate for the Broker (2009). I set the following in the


2. Unable to disable TLS 1.0 - for Broker - I tried adding "-Dhttps.protocols=TLSv1.2" to the VMoptions files, but I was still seeing issues with 2009 ports. Am I missing anything?


All supported DevTest releases.


Limitations with Broker component 


Currently there is a limitation when using your own keystore for the Broker service. The issue is with the password used for the private key and the keystore file: we only allow 'passphrase' as the keystore password.


Here is the workaround to make the Broker use your own keystore:

1. When creating the keystore, make sure both the keystore and the private key are secured with the password 'passphrase'.
2. Set only the lisa.keystore property in the rules.xml file.
3. Comment out the lisa.keystore.password_enc entry in the rules.xml file.

Because the code assumes the password is 'passphrase' when there is no entry for "lisa.keystore.password_enc", a keystore holding a legitimate SSL certificate can then be used with the Broker.

In rules.xml:


    <property comment="The logging level of the root category" key="lisa.log.level" value="dev"/>
    <property comment="The location of the ssl keystore, defaults to Lisa Home or Agent Dir." key="lisa.keystore" value="/Users/certs/newkeystore.jks"/>
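
A quick way to confirm that a rules.xml file matches the workaround above, as an added example that is not part of the original article or of DevTest. The `<rules>` wrapper element, the `PLACEHOLDER` value and the function name are assumptions; the sample file is constructed.

```python
import xml.etree.ElementTree as ET

KEYSTORE_KEY = "lisa.keystore"
PASSWORD_KEY = "lisa.keystore.password_enc"

# Constructed sample: lisa.keystore is set and the password entry is commented out.
# The <rules> wrapper and the PLACEHOLDER value are assumptions for illustration.
SAMPLE_OK = """<rules>
  <property comment="The logging level of the root category" key="lisa.log.level" value="dev"/>
  <property comment="The location of the ssl keystore" key="lisa.keystore" value="/Users/certs/newkeystore.jks"/>
  <!-- <property key="lisa.keystore.password_enc" value="PLACEHOLDER"/> -->
</rules>"""

# Same file with the password entry left active (comment markers removed).
SAMPLE_BAD = SAMPLE_OK.replace("<!-- ", "").replace(" -->", "")


def check_broker_keystore_rules(xml_text):
    """Return a list of findings; an empty list means the workaround is in place."""
    # The default ElementTree parser discards XML comments, so a
    # commented-out <property> is correctly treated as absent.
    root = ET.fromstring(xml_text)
    props = {}
    for prop in root.iter("property"):
        props.setdefault(prop.get("key"), []).append(prop.get("value", ""))

    findings = []
    keystores = props.get(KEYSTORE_KEY, [])
    if not keystores:
        findings.append("lisa.keystore is not set")
    elif len(keystores) > 1:
        findings.append("lisa.keystore is set more than once")
    elif not keystores[0].strip():
        findings.append("lisa.keystore has an empty value")

    # An active password entry means the Broker will not fall back to 'passphrase'.
    if PASSWORD_KEY in props:
        findings.append("lisa.keystore.password_enc is active; comment it out")
    return findings


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_broker_keystore_rules(text) or "workaround in place")
```

Because the keystore password is fixed at 'passphrase', file permissions on the keystore path are the only protection for the private key, so pair this check with a review of who can read that file.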




Note: A fix for this issue is in our backlog.