Limitations in using Your Own Keystore for DevTest Broker Service


Article ID: 205742


Products

CLOUDTEST, CA Application Test, CA Cloud Test Mobile, MOBILECLOUD, Service Virtualization

Issue/Introduction

We have two vulnerabilities that popped up as soon as we started using the Broker:

1. Self-signed certificate - we are unable to use our own certificate for the Broker (2009). I set the following in the local.properties.

lisa.net.keyStore=D:/apps/CA/Certs/lisa_certs.jks
lisa.net.keyStore.password_enc=l8fa7a25d8a0dfa904241b876edb0854734c92ac9ab61d4b46dc4e5d4b529507a69c565d67147bd

lisa.net.trustStore=D:/apps/CA/Certs/lisa_certs.jks
lisa.net.trustStore.password_enc=l952455ac7710839f95aeeb1e32fc95baf77ca75e9725d7648619a47d161b4929e7b5441cca52ef

 

lisa.net.default.protocol

lisa.net.keyStore

lisa.net.keyStore.password

 

2. Unable to disable TLS 1.0 for the Broker - I tried adding "-Dhttps.protocols=TLSv1.2" to the VMoptions files, but I was still seeing issues with 2009 ports. Am I missing anything?

Cause

Limitations with the Broker component.

Environment

Release: 10.4

Component: CA Service Virtualization

Resolution

Currently there is a limitation when using your own keystore for the Broker service. The issue is with the password used for the private key and the keystore file: we only allow 'passphrase' as the keystore password.

To make the Broker use a keystore of your own, apply the following workaround:

1. When creating the keystore, make sure both the keystore and the private key are secured with the password 'passphrase'.
2. Set only the lisa.keystore property in the rules.xml file.
3. Comment out the lisa.keystore.password_enc entry in the rules.xml file.

Because the code assumes the password is 'passphrase' when there is no entry for "lisa.keystore.password_enc", a keystore of your own with a legitimate SSL certificate can then be used with the Broker.

In rules.xml

 

   <broker>
      <property comment="The logging level of the root category" key="lisa.log.level" value="dev"/>
      <property comment="The location of the ssl keystore, defaults to Lisa Home or Agent Dir." key="lisa.keystore" value="/Users/abcuser06/newkeystore.jks"/>
   </broker>

 

In local.properties

 

lisa.net.keyStore=/Users/abcuser06/newkeystore.jks
lisa.net.keyStore.password_enc=l22d5b6bdc2b036e89fcef6ce46766e5921a00d2cab50bdca5f4b0fbaf72ff99f0e6c5ebfb9d8fd902233
lisa.net.default.protocol=ssl

 

Note: A fix for this issue is in our backlog.
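
A check that can be run before restarting the Broker, added here as an example (it is not Broadcom's code): it parses rules.xml and local.properties and reports where they deviate from the workaround steps above. The function names, the sample inputs and the expectation that local.properties mirrors the values shown in the sample above are assumptions; the property names are the ones on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (paths, root element and placeholder value are not from the page).
SAMPLE_RULES = """<rules><broker>
  <property key="lisa.keystore" value="/opt/certs/broker.jks"/>
  <!-- <property key="lisa.keystore.password_enc" value="PLACEHOLDER"/> -->
</broker></rules>"""
SAMPLE_PROPS = "lisa.net.keyStore=/opt/certs/broker.jks\nlisa.net.default.protocol=ssl\n"

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' or '!' starts a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_broker_keystore(rules_xml, local_properties):
    """Return a list of findings; an empty list means the files match the workaround."""
    root = ET.fromstring(rules_xml)
    broker = root if root.tag == "broker" else root.find(".//broker")
    if broker is None:
        return ["rules.xml: no <broker> element"]
    # The parser drops XML comments, so a commented-out entry is absent from this dict.
    rules = {p.get("key"): p.get("value") for p in broker.iter("property")}
    props = parse_properties(local_properties)
    findings = []
    keystore = rules.get("lisa.keystore")
    if not keystore:
        findings.append("rules.xml: lisa.keystore is not set in <broker>")
    if "lisa.keystore.password_enc" in rules:
        findings.append("rules.xml: lisa.keystore.password_enc is still active; comment it out")
    # Assumption: local.properties should point at the same file, as in the page's sample.
    if keystore and props.get("lisa.net.keyStore") != keystore:
        findings.append("local.properties: lisa.net.keyStore differs from lisa.keystore")
    if props.get("lisa.net.default.protocol") != "ssl":
        findings.append("local.properties: lisa.net.default.protocol is not ssl")
    return findings

if __name__ == "__main__":
    for finding in check_broker_keystore(SAMPLE_RULES, SAMPLE_PROPS) or ["OK"]:
        print(finding)
```

Because the workaround fixes the keystore password to a documented value, the password no longer protects the private key; restrict read access on the keystore file to the account that runs the Broker.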