Service Virtualization

I'm trying to update secure the server console due to some security requirements.  What is the default password for webserver.ks?

Hi Tamika,

I believe the default password is "passphrase".  However, that's probably not the keystore you want to use.

Nearly every SSL client will attempt to validate the server certificate.  That means if it is trying to make an SSL connection to "www.ca.com" it will expect the certificate to contain the name "www.ca.com".

If you use webserver.ks, it will return the name "Lisa".  Clients performing "host name validation" (nearly all do) will reject the server and close the connection.

You could use keytool to create a self-signed certificate with the name of your server console, but most clients would make a different complaint now: the certificate isn't trusted.

Your options are 1) export your certificate to each client, or 2) have your certificate signed by another certificate that is already trusted.

I recommend option #2.  There's probably an organization within your company responsible for issuing trusted certificates.

--Mike

Maybe I am asking the wrong question.  I just want to secure the old server console or whatever is listening on port 1505 that contains all the links.  For some reason that port came up in a scan.  I just need to enable security for it.  I tried updating the local.properties but it didn't seem to secure the splash page.  I can still get to it over http.

Are you talking about these setting?

lisa.webserver.https.enabled=true
lisa.webserver.ssl.keystore.location={{LISA_HOME}}webserver.ks
lisa.webserver.ssl.keystore.password=yourpassword
lisa.webserver.ssl.keymanager.password=yourpassword

So, "passphrase" isn't actually the password.  The correct password is "changeit" (for both of them).

Go ahead and try that.  Clients will get an error or warning when they connect, but SSL should be enabled.  If the errors aren't a problem, you're done.  Otherwise, you'll need a valid certificate.

--Mike

I am still able to get to this splash page using http

http://server:1505--> is there anyway to secure this web page?  I tried changing the local.properties on the server but the page is still available over http.

lisa.webserver.https.enabled=true
lisa.webserver.ssl.keystore.location={{LISA_HOME}}webserver.ks
lisa.webserver.ssl.keystore.password_enc=
lisa.webserver.ssl.keymanager.password_enc=

Notice!All Existing Consoles have been migrated into the DevTest Portal.

Depending on your deployment, DevTest Portal may exist in one or more of the following locations:

• Same server as your DevTest Registry
• Same server as your DevTest Workstation
• A different server, with your shared DevTest artifacts

Enter the URL in the text box below, based on the Portal with access to your projects as some portal features require access to your project artifacts. You can find more information in the DevTest Solutions documentation

Okay, I'm stumped.  I just tried it, and I was able to secure it.  Please open a support ticket.  Before opening the ticket, do this:

1) Shutdown Registry

2) Delete registry.log

3) Restart Registry and wait for it to completely come up

Attach "registry.log" to the ticket.  Please mention my name on the ticket so I can give the support engineer the background.  Also, please reply here with the ticket number so I can track it.  Thanks.

--Mike

Hi Tamika,

What I meant to say was, please attach it to the support ticket after you open it.  You can open up a support ticket here:

CA Support Online - CA Technologies 

--Mike

Mike,

I was able to get the Server Console secured on 3 different servers.  But on one of the both the http and https page console page works.  The one server contains the enterprise dashboard. 

 Is there anything I am missing?  We need the http page too no longer work

dradis.properties file:

**************************

dradis.webserver.https.enabled=true

dradis.webserver.ssl.keystore.location=(just put the keystore name, no {{DRADIS_HOME}}) dradis.webserver.ssl.keystore.password=(your keystore password) dradis.webserver.ssl.keymanager.password=(your keymanager password)

local.properties file of where each Devtest component is installed in case distributed:

********************************************************************

lisa.net.default.protocol=ssl

lisa.webserver.https.enabled=true

lisa.webserver.ssl.keystore.location={{LISA_HOME}}/(your keystore) lisa.webserver.ssl.keystore.password=(your keystore password) lisa.webserver.ssl.keymanager.password=(your keymanager password)

lisa.portal.url.prefix=https://

phoenix.properties:

*****************************

registry.https.enabled=true

phoenix.https.enabled=true

phoenix.ssl.keystore=${LISA_HOME}/(your keystore) phoenix.ssl.keystore.password=(your keystore password) phoenix.ssl.keymanager.password=(your keymanager password)

site.properties:

*******************

devtest.enterprisedashboard.https.enabled=true