Service Virtualization

 View Only
Expand all | Collapse all

How to use SSL Certificate for REST API call

  • 1.  How to use SSL Certificate for REST API call

    Posted Nov 03, 2023 08:32 AM

    Hi Team , 

    Require urgent help in resolving the issue related to certificate for the REST API calls. I am using Devtest version 10.6.

    As a part of project upgrade we are now provided with an endpoint from Mulesoft, which mandated us to provide the SSL certificate and password to be used for the REST API calls. I tried to enter the certificate details in the local properties file in the Devtest workstation path . ( The local properties in the program files section, is not allowing me to save the changes, it just provides me with save as option only. so I opted to make the changes in the local properties file in the workstation path .)

    #ssl.client.cert.path=

    #ssl.client.cert.pass=

    I provided the certificate value and its password in the above fields in local properties file. The name of the file is displayed as _local . should I rename it as local instead ?

    There is a hash infront of the ssl.client.cert.path and  ssl.client.cert.pass. Should I remove the # . ( I am doubtful if that is considered as commenting that line . So want to make sure if # is to be included or not in the front.) ? 

    How do I incorporate providing of SSL certificate for the REST API call . ? 

    I am aware as how its been done in case of SOAP API calls , we use the Pro tab and security settings in that case. I am looking for your inputs for the REST API calls SSL certificate . Please help . 



    ------------------------------
    Shalini Murukes
    ------------------------------


  • 2.  RE: How to use SSL Certificate for REST API call

    Broadcom Employee
    Posted Nov 03, 2023 09:25 AM
    Hi Shalini

    Please find below my response embedded for all the questions.

    Hi Team ,

    Require urgent help in resolving the issue related to certificate for the
    REST API calls. I am using Devtest version 10.6.

    As a part of project upgrade we are now provided with an endpoint from
    Mulesoft, which mandated us to provide the SSL certificate and password to
    be used for the REST API calls. I tried to enter the certificate details in
    the local properties file in the Devtest workstation path . ( The local
    properties in the program files section, is not allowing me to save the
    changes, it just provides me with save as option only. so I opted to make
    the changes in the local properties file in the workstation path .)

    #ssl.client.cert.path=

    #ssl.client.cert.pass=

    I provided the certificate value and its password in the above fields in
    local properties file. The name of the file is displayed as _local . should
    I rename it as local instead ?

    *Yes, # means that line is commented out. Please uncomment it by removing #*

    *Rename the file as local.properties*

    There is a hash infront of the ssl.client.cert.path and
    ssl.client.cert.pass. Should I remove the # . ( I am doubtful if that is
    considered as commenting that line . So want to make sure if # is to be
    included or not in the front.) ?

    How do I incorporate providing of SSL certificate for the REST API call . ?

    *If your mulesoft endpoint demands an SSL Certificate for the workstation
    (also called as CLIENT Certificate), then the SSL Certificate mentioned by
    the ssl.client.cert.path will be used by workstation. *

    *Besides, you may need to import the issuing CA public certificates into a
    JKS file and point that to the property **lisa.net.trustStore*

    I am aware as how its been done in case of SOAP API calls , we use the Pro
    tab and security settings in that case. I am looking for your inputs for
    the REST API calls SSL certificate . Please help .

    *Please try this out and let me know if you still have any questions. *

    --
    regards
    Sankar Natarajan

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 3.  RE: How to use SSL Certificate for REST API call

    Posted Nov 03, 2023 11:23 AM

    Hi Sankar, 

    I made the changes which you had mentioned in the local.properties file .  

    I have pointed the .JKS file to the property lisa.net.trustStore . Is there any password I need to provide for the same ? 

    If so, what is the name of the property I need to point the certificate password , which later will get encrypted during execution . 

    And any of these values needs to be changed ?

    #lisa.net.trustStore.password_enc=079f6a3d304a978146e547802ed3f3a4

    ## Do we want mutual authentication? Usually no. 
    #lisa.net.clientAuth=false

    ## Whether to default to SSL or TCP
    #lisa.net.default.protocol=ssl

    Because I still see the same error :

    | Message:     javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    | Trapped Exception: Remote host closed connection during handshake
    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------




  • 4.  RE: How to use SSL Certificate for REST API call

    Posted Nov 03, 2023 09:45 AM

    Team , 

    One update to the above query , I changed the name of the property file from _local to local in the workstation path . 

    Removed the # in front of the ssl.client.cert.path and  ssl.client.cert.pass in the local.property file . Now it is actually picking the certificate value and the password when I executed the test case. 

    But still, I get the below error only, 

    | Message:     javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    | Trapped Exception: Remote host closed connection during handshake
    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    Is there anything else I need to change ? 




  • 5.  RE: How to use SSL Certificate for REST API call

    Broadcom Employee
    Posted Nov 03, 2023 10:20 AM
    Hi Shalini
    Please check the workstation.log file in
    USER_HOME/lisatmp_10.6.0 folder and share the exception stack for a quick
    analysis.

    --
    regards
    Sankar Natarajan

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 6.  RE: How to use SSL Certificate for REST API call

    Posted Nov 03, 2023 12:14 PM

    I am not sure on how to access the USER_HOME path in my system , Below is the Failed assertion that I have got when executing the particular REST API call . 

    ============================================================================
    | javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ============================================================================
    | Step:        AddRetailParticipant
    ----------------------------------------------------------------------------
    | Message:     Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    | Trapped Exception: Remote host closed connection during handshake
    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    STACK TRACE
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:994)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1082)
    at com.itko.lisa.test.CommTrans.send(CommTrans.java:851)
    at com.itko.lisa.test.CommTrans.sendPOST(CommTrans.java:811)
    at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:226)
    at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:171)
    at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:380)
    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:995)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
    at com.itko.lisa.utils.ExecSubProcessNode.doFullExec(ExecSubProcessNode.java:354)
    at com.itko.lisa.utils.ExecSubProcessNode.execute(ExecSubProcessNode.java:268)
    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:995)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
    at com.itko.lisa.editor.WalkThruPanel.prepAndExecNode(WalkThruPanel.java:1120)
    at com.itko.lisa.editor.WalkThruPanel.access$900(WalkThruPanel.java:73)
    at com.itko.lisa.editor.WalkThruPanel$10.doCallback(WalkThruPanel.java:1022)
    at com.itko.util.swing.panels.ProcessingDialog$2.run(ProcessingDialog.java:195)
    at java.lang.Thread.run(Thread.java:748)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
    ... 32 more
    ============================================================================



  • 7.  RE: How to use SSL Certificate for REST API call

    Broadcom Employee
    Posted Nov 03, 2023 01:21 PM
    Hi Shalini
    USER_HOME refers typically to the windows folder
    c:\users\<username>. Please share the workstation.log for analysis.

    --
    regards
    Sankar Natarajan

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 8.  RE: How to use SSL Certificate for REST API call

    Posted Nov 04, 2023 04:50 AM

    Hi Sankar, 

    Find below the details of the log for the execution form the workstation.log file. 

    | HTTP
    ============================================================================
    | Step:        GetParticipant
    ----------------------------------------------------------------------------
    | Message:     javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    | Trapped Exception: Remote host closed connection during handshake
    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    STACK TRACE
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:994)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
        at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1082)
        at com.itko.lisa.test.CommTrans.send(CommTrans.java:851)
        at com.itko.lisa.test.CommTrans.sendGET(CommTrans.java:775)
        at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:221)
        at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:171)
        at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:380)
        at com.itko.lisa.test.TestNode.executeNode(TestNode.java:995)
        at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
        at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
        at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
        at com.itko.lisa.utils.ExecSubProcessNode.doFullExec(ExecSubProcessNode.java:354)
        at com.itko.lisa.utils.ExecSubProcessNode.execute(ExecSubProcessNode.java:268)
        at com.itko.lisa.test.TestNode.executeNode(TestNode.java:995)
        at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
        at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
        at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
        at com.itko.lisa.editor.WalkThruPanel.prepAndExecNode(WalkThruPanel.java:1120)
        at com.itko.lisa.editor.WalkThruPanel.access$900(WalkThruPanel.java:73)
        at com.itko.lisa.editor.WalkThruPanel$10.doCallback(WalkThruPanel.java:1022)
        at com.itko.util.swing.panels.ProcessingDialog$2.run(ProcessingDialog.java:195)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(InputRecord.java:505)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
        ... 32 more
    ============================================================================
        at com.jayway.jsonpath.internal.token.ArrayPathToken.evaluate(ArrayPathToken.java:60)
        at com.jayway.jsonpath.internal.token.RootPathToken.evaluate(RootPathToken.java:53)
        at com.jayway.jsonpath.internal.CompiledPath.evaluate(CompiledPath.java:53)
        at com.jayway.jsonpath.internal.CompiledPath.evaluate(CompiledPath.java:61)
        at com.jayway.jsonpath.JsonPath.read(JsonPath.java:179)
        at com.jayway.jsonpath.internal.JsonReader.read(JsonReader.java:143)
        at com.jayway.jsonpath.internal.JsonReader.read(JsonReader.java:132)
        at com.ca.lisa.apptest.json.JSONUtil.getStringByJsonPath0(JSONUtil.java:518)
        at com.ca.lisa.apptest.json.JSONUtil.getStringByJsonPath(JSONUtil.java:476)
        at com.ca.lisa.apptest.json.AssertJSONEquals2.evaluate(AssertJSONEquals2.java:127)
        at com.itko.lisa.test.Assertion.execute(Assertion.java:299)
        at com.itko.lisa.test.TestNode.runAssertionsInList(TestNode.java:1186)
        at com.itko.lisa.test.TestNode.runAssertions(TestNode.java:1137)
        at com.itko.lisa.test.TestNode.executeNode(TestNode.java:1027)
        at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
        at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
        at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
        at com.itko.lisa.editor.WalkThruPanel.prepAndExecNode(WalkThruPanel.java:1120)
        at com.itko.lisa.editor.WalkThruPanel.access$900(WalkThruPanel.java:73)
        at com.itko.lisa.editor.WalkThruPanel$10.doCallback(WalkThruPanel.java:1022)
        at com.itko.util.swing.panels.ProcessingDialog$2.run(ProcessingDialog.java:195)
        at java.lang.Thread.run(Thread.java:748)
    2023-11-04 08:38:57,950Z (14:08) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: -1
    2023-11-04 08:38:57,951Z (14:08) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 2
    2023-11-04 08:38:57,961Z (14:08) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 2
    2023-11-04 08:38:57,962Z (14:08) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 3
    2023-11-04 08:39:00,088Z (14:09) [ProcDlgThreadCallbk@50c3c39e] INFO  com.itko.lisa.script.logger    - Removing listener :'this' reference to Bsh object: NameSpace: AnonymousBlock (bsh.NameSpace@637a4d76)
    implements: com.itko.lisa.test.TestEventListener
    2023-11-04 08:39:00,101Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: -1
    2023-11-04 08:39:00,102Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 3
    2023-11-04 08:39:00,115Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 3
    2023-11-04 08:39:00,116Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 4
    2023-11-04 08:39:02,260Z (14:09) [ProcDlgThreadCallbk@b8a2ead] INFO  com.itko.util.XMLUtils         - The XML Doc to be opened: C:/Users/d31872/DevTest/Projects/FTM_Automation/Tests/Subprocesses/Utilities/SP_Write_Participant_Data_To_Excel.tst
    2023-11-04 08:39:02,468Z (14:09) [ProcDlgThreadCallbk@b8a2ead] INFO  com.itko.lisa.test.TestCase    - Name: SP_Write_Participant_Data_To_Excel Version: 5 created with LISA 10.2.4 (10.2.4.153)
    2023-11-04 08:39:02,823Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: -1
    2023-11-04 08:39:02,824Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 4
    2023-11-04 08:39:02,838Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 4
    2023-11-04 08:39:02,839Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 5
    2023-11-04 08:39:04,277Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.net.ServerRequestHandler - Scheduling removal of tcp://PDUTRUCOR04297:2008/9006DAAE7AED11EEBF44005056BEDCC3
    2023-11-04 08:39:10,485Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 2
    2023-11-04 08:39:10,600Z (14:09) [AWT-EventQueue-0] INFO  com.itko.lisa.editor.WalkThruPanel - (setSelectedNode) index: 2




  • 9.  RE: How to use SSL Certificate for REST API call

    Posted Nov 04, 2023 06:24 AM

    Hi Sankar, 

    Few more information for your reference, 

    My project uses both REST API call for one section of our application and SOAP API call for another section of the application . We have been using certificate for the SOAP API section since a long time. But the SSL certificate for the REST API is being implemented recently. 

    The Endpoint for the REST API call will be of this format ,

    {{Endpoint_Rest_Protocol}}://{{Username}}:{{Password}}@{{Endpoint_Rest}}/ws/svc/cxcsampletest/

    {{Endpoint_Rest_Protocol}} = https

    {{Endpoint_Rest}} = sampleurl-samplecheck.com

    In the local.properties of the workstation , if I provide the values as below, 

    ssl.client.cert.path=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    ssl.client.cert.pass=password

    and 

    lisa.net.trustStore=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    lisa.net.trustStore.password=password

    Both the .jks file are the same and have the same password. SInce you mentioned that we need to pass the JKS format in the truststore, I tried this way, and it gives the below handshake error, 

    | Trapped Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    | Trapped Message:   javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    But,

    In the local.properties, if I provide the values as below, 

    ssl.client.cert.path=C:\\Users\\1234567\\DevTest\\Projects\\certificateRestAPI (1).pfx
    ssl.client.cert.pass=certpassword

    and 

    lisa.net.trustStore=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    lisa.net.trustStore.password=password

    Note that the password for the .pfx format is different from the password of the .jks format.

    I get the below error, 

    | Message:     javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    | Trapped Exception: Remote host closed connection during handshake
    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    STACK TRACE
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake




  • 10.  RE: How to use SSL Certificate for REST API call

    Broadcom Employee
    Posted Nov 04, 2023 07:41 AM
    Hi Shalini
    Please let me know the timezone that you are in. Will do a webex
    on Monday to sort this out.

    Regards.
    Sankar

    On Sat, 4 Nov, 2023, 15:53 Shalini Murukes via Broadcom, <mail@broadcom.com>
    wrote:

    > Hi Sankar, Few more information for your reference, My project uses both
    > REST API call for one section of our application and SOAP API call...
    > [image: Broadcom] <https: community.broadcom.com="">
    > Service Virtualization
    > <https: community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer?communitykey="94bda077-625b-4914-8ac3-c88a06c2cc23">
    > Post New Message <broadcom-servicevirtualization@connectedcommunity.org>
    > Re: How to use SSL Certificate for REST API call
    > <https: community.broadcom.com/enterprisesoftware/discussion/how-to-use-ssl-certificate-for-rest-api-call#bma96ecfe6-4bc0-4a83-b801-018b99cc529d="">
    > Reply to Group
    > <broadcom_servicevirtualization_a96ecfe6-4bc0-4a83-b801-018b99cc529d@connectedcommunity.org?subject=re:+how+to+use+ssl+certificate+for+rest+api+call> Reply
    > to Sender
    > <https: community.broadcom.com/enterprisesoftware/communities/all-discussions/postreply?messagekey="a96ecfe6-4bc0-4a83-b801-018b99cc529d&ListKey=d4484a56-be7e-428f-99d1-26cc0f5a617e&SenderKey=65e1ec20-76b9-4608-92ca-171ed3297893">
    > [image: Shalini Murukes]
    > <https: community.broadcom.com/network/members/profile?userkey="65e1ec20-76b9-4608-92ca-171ed3297893">
    > Nov 4, 2023 6:24 AM
    > Shalini Murukes
    > <https: community.broadcom.com/network/members/profile?userkey="65e1ec20-76b9-4608-92ca-171ed3297893">
    >
    > Hi Sankar,
    >
    > Few more information for your reference,
    >
    > My project uses both REST API call for one section of our application and
    > SOAP API call for another section of the application . We have been using
    > certificate for the SOAP API section since a long time. But the SSL
    > certificate for the REST API is being implemented recently.
    >
    > The Endpoint for the REST API call will be of this format ,
    >
    > {{Endpoint_Rest_Protocol}}://{{Username}}:{{Password}}@
    > {{Endpoint_Rest}}/ws/svc/cxcsampletest/
    >
    > {{Endpoint_Rest_Protocol}} = https
    >
    > {{Endpoint_Rest}} = sampleurl-samplecheck.com
    >
    > In the local.properties of the workstation , if I provide the values as
    > below,
    >
    > ssl.client.cert.path=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    > ssl.client.cert.pass=password
    >
    > and
    >
    > lisa.net.trustStore=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    > lisa.net.trustStore.password=password
    >
    > Both the .jks file are the same and have the same password. SInce you
    > mentioned that we need to pass the JKS format in the truststore, I tried
    > this way, and it gives the below handshake error,
    >
    > | Trapped Exception: sun.security.validator.ValidatorException: PKIX path
    > building failed:
    > sun.security.provider.certpath.SunCertPathBuilderException: unable to
    > find valid certification path to requested target
    >
    > | Trapped Message: javax.net.ssl.SSLHandshakeException:
    > sun.security.validator.ValidatorException: PKIX path building failed:
    > sun.security.provider.certpath.SunCertPathBuilderException: unable to
    > find valid certification path to requested target
    >
    > But,
    >
    > In the local.properties, if I provide the values as below,
    >
    >
    > ssl.client.cert.path=C:\\Users\\1234567\\DevTest\\Projects\\certificateRestAPI
    > (1).pfx
    > ssl.client.cert.pass=certpassword
    >
    > and
    >
    > lisa.net.trustStore=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    > lisa.net.trustStore.password=password
    >
    > Note that the password for the .pfx format is different from the password
    > of the .jks format.
    >
    > I get the below error,
    >
    > | Message: javax.net.ssl.SSLHandshakeException: Remote host closed
    > connection during handshake
    >
    > ----------------------------------------------------------------------------
    > | Trapped Exception: Remote host closed connection during handshake
    > | Trapped Message: javax.net.ssl.SSLHandshakeException: Remote host
    > closed connection during handshake
    >
    > ----------------------------------------------------------------------------
    > STACK TRACE
    > javax.net.ssl.SSLHandshakeException: Remote host closed connection during
    > handshake
    > *Reply to Group Online
    > <https: community.broadcom.com/enterprisesoftware/communities/all-discussions/postreply?messagekey="a96ecfe6-4bc0-4a83-b801-018b99cc529d&ListKey=d4484a56-be7e-428f-99d1-26cc0f5a617e">*
    > *Reply to Group via Email
    > <broadcom_servicevirtualization_a96ecfe6-4bc0-4a83-b801-018b99cc529d@connectedcommunity.org?subject=re:+how+to+use+ssl+certificate+for+rest+api+call>*
    > *View Thread
    > <https: community.broadcom.com/enterprisesoftware/discussion/how-to-use-ssl-certificate-for-rest-api-call#bma96ecfe6-4bc0-4a83-b801-018b99cc529d="">*
    > *Recommend
    > <https: community.broadcom.com:443/enterprisesoftware/discussion/how-to-use-ssl-certificate-for-rest-api-call?messagekey="a96ecfe6-4bc0-4a83-b801-018b99cc529d&cmd=rate&cmdarg=add#bma96ecfe6-4bc0-4a83-b801-018b99cc529d">*
    > *Forward
    > <https: community.broadcom.com/enterprisesoftware/communities/all-discussions/forwardmessages?messagekey="a96ecfe6-4bc0-4a83-b801-018b99cc529d&ListKey=d4484a56-be7e-428f-99d1-26cc0f5a617e">*
    > *Flag as Inappropriate
    > <https: community.broadcom.com/enterprisesoftware/discussion/how-to-use-ssl-certificate-for-rest-api-call?markappropriate="a96ecfe6-4bc0-4a83-b801-018b99cc529d#bma96ecfe6-4bc0-4a83-b801-018b99cc529d">*
    >
    > -------------------------------------------
    > Original Message:
    > Sent: Nov 03, 2023 01:20 PM
    > From: Sankar Natarajan
    > Subject: How to use SSL Certificate for REST API call
    >
    > Hi Shalini
    > USER_HOME refers typically to the windows folder
    > c:\users\
    >
    >
    >
    > You are subscribed to "Service Virtualization" as
    > sankar.natarajan@broadcom.com. To change your subscriptions, go to My
    > Subscriptions
    > <http: community.broadcom.com/preferences?section="Subscriptions">. To
    > unsubscribe from this community discussion, go to Unsubscribe
    > <http: community.broadcom.com/higherlogic/egroups/unsubscribe.aspx?userkey="36e7cc73-528a-48f6-8c4b-455a0e4cdb59&sKey=KeyRemoved&GroupKey=d4484a56-be7e-428f-99d1-26cc0f5a617e">.
    >
    >
    > Copyright © 2005-2023 Broadcom. All Rights Reserved. The term "Broadcom"
    > refers to Broadcom Inc. and/or its subsidiaries.
    >
    > Hosted by Higher Logic, LLC on the behalf of Broadcom - Privacy Policy
    > <https: www.broadcom.com/company/legal/privacy-policy=""> | Cookie Policy
    > <https: www.higherlogic.com/legal/privacy=""> | Supply Chain Transparency
    > <https: www.broadcom.com/company/citizenship/governance-and-ethics#supply="">
    > | Terms of Use <http: termsandconditions="">
    >

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 11.  RE: How to use SSL Certificate for REST API call

    Posted Nov 06, 2023 02:46 AM

    I am in Indian Time Zone . 




  • 12.  RE: How to use SSL Certificate for REST API call

    Posted Nov 05, 2023 10:03 AM

    # is for comment and "_" is appended in the reference files to make respective properties files you have to remove the _ from the name.

    Thanks



    ------------------------------
    Regards,
    Vaibhav Jain
    Capgemini
    ------------------------------



  • 13.  RE: How to use SSL Certificate for REST API call

    Posted Nov 06, 2023 03:02 AM

    Hi Vaibhav, 

    I have tried that, but it does not work.

    ssl.client.cert.path=C:\\Users\\1234567\\DevTest\\Projects\\certificateRestAPI (1).pfx
    ssl.client.cert.pass=certpassword

    lisa.net.trustStore=C:\\Users\\1234567\\DevTest\\Projects\\RestAPI.jks
    lisa.net.trustStore.password=password

    Note that the password for the .pfx format is different from the password of the .jks format.

    Is it required to provide the certificate in any specific format ? we had .pfx. Since I got info from broadcom support that I need to provide JKS format in the trust store, I requested my Dev for JKS format for the same and got a new password for that. IS this approach correct ? 

    Still I am not able to resolve the SSL handshake issue. 

    Will adding of the line 

    -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

    in CA/DevTest/bin/Workstation.vmoptions file be helpful  ? 




  • 14.  RE: How to use SSL Certificate for REST API call
    Best Answer

    Broadcom Employee
    Posted Nov 06, 2023 03:56 AM
    Hi Shalini
    PLease add the https protocols in reverse order to local.properties
    file and try.

    https.protocols=TLSv1.2,TLSv1.1,TLSv1

    --
    regards
    Sankar Natarajan

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 15.  RE: How to use SSL Certificate for REST API call

    Posted Nov 06, 2023 06:51 AM

    This solution worked !! Thank You for the support.