Service Virtualization

Setting up HTTPS(SSL) Virtual Service

  • 1.  Setting up HTTPS(SSL) Virtual Service

    Posted 02-01-2019 02:55 PM

    Hi Team,

    Need some help on HTTPS virtual services. I have gone through some old posts on this. I am a bit confused as I am new to HTTPS services.

     

    I am creating an HTTPS virtual service. What type of certificate is required, and what configuration do I have to do to deploy the virtual service in HTTPS mode? I have received a .cer file. Not sure whether I can directly use this certificate.

     

    The client application sends the request with its certificate details to the virtual service. Here the virtual service should validate the client certificate and respond back.

    Could you please provide the list of steps to do.

     

    Thank You.


    Rajasekhar



  • 2.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-04-2019 03:48 AM

    This might help?

    Tech Tips: Configure 1-way SSL Working with Your Own Single Certificate and use HTTPS TLSv1.2 Communication with DevTest Components 

     

    I am assuming you need one-way SSL authentication (and not two-way SSL)? Does your virtual service need the Live Environment execution mode?

     

    I'm not a security expert but have you tested if it works without adding your certificate? In most cases for one-way SSL with no requirement for Live Execution there is no special certificate configuration needed. The main reason DevTest offers HTTPS for virtual services is to be able to technically integrate into your test environment. E.g. in those cases where the SUT cannot be reconfigured to use plain HTTP. We know HTTPS works as a technology, it's not up to a virtual service to find there's a bug in the encryption somewhere and HTTPS can be cracked, that is why a virtual service normally accepts any incoming client certificate. For Live execution mode, then the live system might expect a specific certificate and you would have to store your .cer public key into a java keystore (.jks) and configure it.

     

    Cheers,

    Danny



  • 3.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-08-2019 04:31 PM

    Thank you Danny. I have deployed the Virtual Service with .p12 file listen step and it worked.

     

    Now I am working on another request, where we are hitting the HTTPS SOAP service using the Web Service Execution step from APITest. I have added the SSL details in the step. Not able to hit the service. Could see the below error in the HTTP/SSL debug section:

     

    I have added the below properties in the local.properties file:

    ssl.client.cert.path=
    ssl.client.cert.pass.encrypted=
    ssl.client.key.pass.encrypted=
    ssl.client.alias=

     

    [ 7] *** CertificateVerify
    [ 7] Thread-313, WRITE: TLSv1 Handshake, length = 134
    [ 7] Thread-313, WRITE: TLSv1 Change Cipher Spec, length = 1
    [ 7] Thread-313, handling exception: java.net.SocketException: Software caused connection abort: socket write error
    [ 7] %% Invalidated: [Session-22, TLS_RSA_WITH_AES_256_CBC_SHA]
    [ 7] Thread-313, SEND TLSv1 ALERT: fatal, description = unexpected_message
    [ 7] Thread-313, WRITE: TLSv1 Alert, length = 2
    [ 7] Thread-313, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    [ 7] Thread-313, called closeSocket()
    [ 7] Thread-313, called close()
    [ 7] Thread-313, called closeInternal(true)
    [ 7] [SSL Handshake Summary] Thread [Thread-313]
    [ 7] [SSL Handshake Summary] Acting as a Client
    [ 7] [SSL Handshake Summary] *†‡ indicates linked optional steps
    [ 7] [SSL Handshake Summary]
    [ 7] [SSL Handshake Summary] 1 RUN Client Hello -->
    [ 7] [SSL Handshake Summary] 2 RUN <-- Server Hello
    [ 7] [SSL Handshake Summary] 3* RUN <-- Server Certificate (Public Key)
    [ 7] [SSL Handshake Summary] 4† RUN <-- Request Client Certificate
    [ 7] [SSL Handshake Summary] 5* UNKNOWN Verify and Trust Server Certificate v
    [ 7] [SSL Handshake Summary] 6‡ SKIPPED <-- Server Key Exchange
    [ 7] [SSL Handshake Summary] 7 RUN <-- Server Hello Done
    [ 7] [SSL Handshake Summary] 8† RUN Client Certificate (Public Key) -->
    [ 7] [SSL Handshake Summary] 9† UNKNOWN v Verify and Trust Client Certificate
    [ 7] [SSL Handshake Summary] 10 RUN Client Key Exchange -->
    [ 7] [SSL Handshake Summary] 11† RUN Certificate Verify Confirmation -->
    [ 7] [SSL Handshake Summary] 12 RUN Client Change Cipher Spec -->
    [ 7] [SSL Handshake Summary] 13 RUN Client Finished -->
    [ 7] [SSL Handshake Summary] 14 RUN <-- Server Change Cipher Spec
    [ 7] [SSL Handshake Summary] 15 UNKNOWN <-- Server Finished
    [ 7] [SSL Handshake Summary]
    [ 7] [SSL Handshake Summary] SEND TLSv1 ALERT: fatal, description = unexpected_message
    [ 7] [SSL Handshake Summary] java.net.SocketException: Software caused connection abort: socket write error
    [ 7] [SSL Handshake Summary] See Alert or Exception for details

     

    Could you please check and suggest what might be wrong.

    Thank You,

    Rajasekhar



  • 4.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-09-2019 03:36 AM

    Looks like the Workstation is still using TLSv1 and your endpoint doesn't accept it. Something similar is described in the communities question below. You can have a look, the fix described there will probably also resolve your issue:

     

    "Make sure you have the https.protocols=TLSv1.2 set in the correct local.properties."

     

    https://communities.ca.com/message/242144553-re-intermittent-ssl-hand-shake-error?commentID=242144553#comment-242144553 



  • 5.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-11-2019 12:15 PM

    Thank You Danny.

     

    I have updated the below property in local.properties file.

    https.protocols=TLSv1.2

    Added the below property in the VSE and Workstation VMOptions files:

    -Dhttps.protocols=TLSv1.2

    Added the certificate details in SSL tab of the Web Service Execution step.

     

    Still getting the below error.

     

    [ 3] *** CertificateVerify
    [ 3] Signature Algorithm SHA512withRSA
    [ 3] Thread-99, WRITE: TLSv1.2 Handshake, length = 136
    [ 3] Thread-99, WRITE: TLSv1.2 Change Cipher Spec, length = 1
    [ 3] Thread-99, handling exception: java.net.SocketException: Software caused connection abort: socket write error
    [ 3] %% Invalidated: [Session-6, TLS_RSA_WITH_AES_256_CBC_SHA256]
    [ 3] Thread-99, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
    [ 3] Thread-99, WRITE: TLSv1.2 Alert, length = 2
    [ 3] Thread-99, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    [ 3] Thread-99, called closeSocket()
    [ 3] Thread-99, called close()
    [ 3] Thread-99, called closeInternal(true)
    [ 3] [SSL Handshake Summary] Thread [Thread-99]
    [ 3] [SSL Handshake Summary] Acting as a Client
    [ 3] [SSL Handshake Summary] *†‡ indicates linked optional steps
    [ 3] [SSL Handshake Summary]
    [ 3] [SSL Handshake Summary] 1 RUN Client Hello -->
    [ 3] [SSL Handshake Summary] 2 RUN <-- Server Hello
    [ 3] [SSL Handshake Summary] 3* RUN <-- Server Certificate (Public Key)
    [ 3] [SSL Handshake Summary] 4† RUN <-- Request Client Certificate
    [ 3] [SSL Handshake Summary] 5* UNKNOWN Verify and Trust Server Certificate v
    [ 3] [SSL Handshake Summary] 6‡ SKIPPED <-- Server Key Exchange
    [ 3] [SSL Handshake Summary] 7 RUN <-- Server Hello Done
    [ 3] [SSL Handshake Summary] 8† RUN Client Certificate (Public Key) -->
    [ 3] [SSL Handshake Summary] 9† UNKNOWN v Verify and Trust Client Certificate
    [ 3] [SSL Handshake Summary] 10 RUN Client Key Exchange -->
    [ 3] [SSL Handshake Summary] 11† RUN Certificate Verify Confirmation -->
    [ 3] [SSL Handshake Summary] 12 RUN Client Change Cipher Spec -->
    [ 3] [SSL Handshake Summary] 13 UNKNOWN Client Finished -->
    [ 3] [SSL Handshake Summary] 14 UNKNOWN <-- Server Change Cipher Spec
    [ 3] [SSL Handshake Summary] 15 UNKNOWN <-- Server Finished
    [ 3] [SSL Handshake Summary]
    [ 3] [SSL Handshake Summary] SEND TLSv1.2 ALERT: fatal, description = unexpected_message
    [ 3] [SSL Handshake Summary] java.net.SocketException: Software caused connection abort: socket write error
    [ 3] [SSL Handshake Summary] See Alert or Exception for details
    [ 2] Finalizer, called close()
    [ 2] Finalizer, called closeInternal(true)
    [ 2] Finalizer, called close()
    [ 2] Finalizer, called closeInternal(true)
    [ 2] Finalizer, called close()
    [ 2] Finalizer, called closeInternal(true)
    [ 2] Finalizer, called close()
    [ 2] Finalizer, called closeInternal(true)

     

     

    Could you please look into it and advise.

     

    Thank You,

    Rajasekhar



  • 6.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-12-2019 01:03 AM

    I am almost at the end of my suggestions here, for real advice you might have to speak with someone who really understands this security stuff.

     

    It might be that there is a mismatch with the cipher suites/signature algorithms between the DevTest SSL client and your server. From your log we see "Signature Algorithm SHA512withRSA" and an invalidated cipher suite "TLS_RSA_WITH_AES_256_CBC_SHA256".

     

    Before really diving into the detail I would give it a quick try by also including TLSv1.1 as https protocol. So, give it a try with https.protocols=TLSv1.1,TLSv1.2

     

    If that doesn't work then you will have to compare the client SSL setup with the server SSL setup. A lot of that depends on which Java version is used on either side:

    • Which DevTest version are you using?
    • Talk to your server-side people: which Java version are they using? Have they done some additional SSL configuration? It seems to be the server side that closes the connection, so can they have a look in their logs to see what the reason is that the server side aborts?

     

    Cheers,

    Danny
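
Added example (not part of the thread and not DevTest code): a small parser for the "[SSL Handshake Summary]" lines in the format posted above, reporting whether a client certificate was requested and sent and which on-the-wire message was the first one never observed. The function names and the shortened sample excerpt are assumptions made for this illustration.

```python
import re

# Constructed excerpt, shortened, in the format of the SSL debug output quoted in this thread.
SAMPLE = """\
[ 3] [SSL Handshake Summary] 1 RUN Client Hello -->
[ 3] [SSL Handshake Summary] 2 RUN <-- Server Hello
[ 3] [SSL Handshake Summary] 4† RUN <-- Request Client Certificate
[ 3] [SSL Handshake Summary] 5* UNKNOWN Verify and Trust Server Certificate v
[ 3] [SSL Handshake Summary] 6‡ SKIPPED <-- Server Key Exchange
[ 3] [SSL Handshake Summary] 8† RUN Client Certificate (Public Key) -->
[ 3] [SSL Handshake Summary] 12 RUN Client Change Cipher Spec -->
[ 3] [SSL Handshake Summary] 13 UNKNOWN Client Finished -->
[ 3] [SSL Handshake Summary] 15 UNKNOWN <-- Server Finished
[ 3] [SSL Handshake Summary] SEND TLSv1.2 ALERT: fatal, description = unexpected_message
"""

STEP = re.compile(r"\[SSL Handshake Summary\]\s+(\d+)[*†‡]?\s+(RUN|UNKNOWN|SKIPPED)\s+(.+)$")
ALERT = re.compile(r"SEND (\S+) ALERT: (\w+), description = (\w+)")

def parse_summary(text):
    """Return (steps, alert); each step is a dict with number, state, direction, name."""
    steps, alert = [], None
    for line in text.splitlines():
        m = STEP.search(line)
        if m:
            raw = m.group(3)
            direction = "sent" if "-->" in raw else "received" if "<--" in raw else "local"
            name = re.sub(r"-->|<--|^v\s|\sv$", "", raw.strip()).strip()
            steps.append({"n": int(m.group(1)), "state": m.group(2),
                          "direction": direction, "name": name})
        elif "[SSL Handshake Summary]" in line and (a := ALERT.search(line)):
            alert = {"protocol": a.group(1), "level": a.group(2), "description": a.group(3)}
    return steps, alert

def diagnose(text):
    steps, alert = parse_summary(text)
    ran = {s["name"] for s in steps if s["state"] == "RUN"}
    # First on-the-wire message (a line with an arrow) that was never observed.
    stalled = next((s for s in steps if s["direction"] != "local" and s["state"] == "UNKNOWN"), None)
    return {
        "client_cert_requested": "Request Client Certificate" in ran,
        "client_cert_sent": "Client Certificate (Public Key)" in ran,
        "stalled_at": (stalled["n"], stalled["name"]) if stalled else None,
        "alert": alert,
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Run over each pasted log, this makes it easy to see whether a configuration change moved the point at which the handshake stops.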



  • 7.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-12-2019 04:30 PM

    Thank You Danny.

    I have tried with https.protocols=TLSv1.1,TLSv1.2 also. Same issue.

    We are using 10.3 version.

     

    I will try the option which you suggested and update the result.

     

    Thank You

    Rajasekhar

     



  • 8.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-24-2019 08:30 PM

    Hi Danny,

     

    We have created .jks file and it worked. Not sure why .p12 file did not work.

     

    Thank You for your help.

     

    Rajasekhar



  • 9.  Re: Setting up HTTPS(SSL) Virtual Service

    Posted 02-25-2019 07:27 AM

    Re. your remark on the p12 file, I am not completely up to date where exactly you are setting up an SSL connection (Listen step, Live Execution, Web Service Execution, ...), have you checked the documentation for your specific circumstance? For many of the steps where DevTest allows SSL configuration you will find the following in the documentation:

    • SSL Keystore File
      Specifies the name of the keystore file.
      To find a keystore file on the file system, click Browse. Keystore files must be in PKCS12 or JKS format.

     

    If you don't find this documented for the case where you are using it, you might want to flag this to support.

     

    Cheers,

    Danny