Ignoring Client side Lisa certificate; CN: Lisa is not authorized for userid for sites that don't require certificate
search cancel

Ignoring Client side Lisa certificate; CN: Lisa is not authorized for userid for sites that don't require certificate

book

Article ID: 233832

calendar_today

Updated On: 03-12-2025

Products

Service Virtualization

Issue/Introduction

When sending a soap request (https://serverhost.com/rsax) to the direct endpoint from local machine using Postman , getting a  200 response( No certificate passed from local machine).

Then created a new test case in DevTest or do a VS recording with a soap request and try to send the same request (no certificates passed), getting the following response

 <?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>Access denied</faultstring>
      <detail>
        <code>6020910</code>
        <type>Error</type>
        <context>Certificate CN: Lisa is not authorized for usrd: XXX, Full Certificate details: (Subject DN: E=support@itko.com, C=US, S=Texas, L=Dallas, O=Lisa, OU=Lisa, CN=Lisa, Issuer DN: E=support@itko.com, C=US, S=Texas, L=Dallas, O=Lisa, OU=Lisa, CN=Lisa)</context>
      </detail>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>

Looks like DevTest is adding a certificate by default and causing the issue.  This is happening for Live Invocation too. 

Environment

DevTest 10.7.0

Cause

Defect

Resolution

SSL Recording Improvement: When recording a virtual service via the HTTP Recorder in the workstation, choosing “Use SSL to Server” allows you to ignore the client side certificate when recording a virtual service.

There is a patch that handles VS recording and LIVE INVOCATION use cases without using a client certificate. 

Please open a support ticket and ask for patch_DE526893_10.7.0_LTD.jar  

Additional Information

Steps to apply patch:
1. Exit Workstation and stop all Devtest services running on the machine.
2. Copy patch "patch_DE526893_10.7.0_LTD.jar" to LISA_HOME/lib/patches folder.
3. Start Devtest services that were stopped on step 1, launch Workstation too.
4. With the patch in place, there is no need to comment out ssl.client.cert.path and ssl.client.cert.pass properties lisa.properties. 
5. With the patch in place, a new option NONE has been added to the 'SSL Keystore file'. Can choose this option when do not want to pass a CLIENT keystore while using SSL to Server.