Service Virtualization

  • 1.  How to get VSE to recognize external trusted SSL cert

    Posted Aug 10, 2018 01:24 PM

    Pardon me if this has been asked before, but here is the situation:

     

    We have our own SSL signing authority and created an SSL cert for LISA.  

    How can I import this cert so it works in both Workstation and when deployed to the VSE?

     

    If I put the cert (lisa.pfx) in the C:\Program Files\CA\DevTest folder and specify C:\Program Files\CA\DevTest\lisa.pfx as the SSL path in the Listener step, I can verify it.  However, when deployed to the VSE, it throws errors saying it can't find the keystore at C:\Program Files\CA\DevTest\lisa.pfx.

     

    Alternatively, on the server, we have a property 

    lisa.net.keyStore=/ca/DevTest/lisa.pfx and

    lisa.net.keyStore.password_enc=l2ac5b2e8cb9d8310938621a97da2b1274bb10d79838e71123f47d3b1af5e689f3978ab1a49e01208973fdf9206ae

     

    If I specify {{lisa.net.keyStore}} in Workstation, it fails to verify (which I kind of expect).  But deploying to the VSE also throws an error that it can't find the keystore.

     

    Our dev teams need to import the cert into their application to ensure a trusted handshake. Right now they can import the cert, but when they connect to LISA they are getting the default self-signed cert, so it's not making the handshake, and I need to get the VSE to respond with the cert in lisa.pfx.

     

    How do I make that happen?



  • 2.  Re: How to get VSE to recognize external trusted SSL cert

    Broadcom Employee
    Posted Aug 10, 2018 01:39 PM

    Hi Rob,

     

    Let me rephrase your situation, and you tell me if I'm understanding it correctly:

     

    You want to run an SSL enabled virtual service.  You specify the path to the certificate in the Listen step, and everything works great when executing locally.  But, when you deploy the VSM to VSE, it can't find the certificate (presumably because the path to the certificate is different on the server).

     

    Here's what I do.  In "local.properties" create a property like this:

     

      my.cert.folder=<path to cert folder>

     

    I configure the Listen step to point to:

     

    {{my.cert.folder}}/lisa.pfx

     

    On my local workstation, I use an appropriate value for "my.cert.folder".  In local.properties on the server, I give it a different value.  Now, references to the certificate will be portable across all DevTest workstations and the server.

     

    --Mike



  • 3.  Re: How to get VSE to recognize external trusted SSL cert

    Posted Aug 10, 2018 02:57 PM

    Creating entries in local.properties works for Workstation: I can verify the cert inside Workstation on the listener step, but when I deploy to the VSE it throws the error java.lang.RuntimeException: Cannot load keystore file named /ca/DevTest9/lisa.pfx, and we know that the properties are set the same on the VSE server.

     

    Does DevTest just not support PKCS12 format?  Do I need to convert to JKS?

     

    Rob Rubin

    BB&T, Assistant VP

    ADS Section Manager, DevOps COE

    919.745.5848

    RRubin@BBandT.com



  • 4.  Re: How to get VSE to recognize external trusted SSL cert

    Posted Sep 05, 2018 11:11 AM

    Hello Robert,

     

    PFX files should also work fine with your VSM deployed to the VSE.

     

    Is this still an issue for you?

    The exception indicates that the keystore was not found under /ca/DevTest9/lisa.pfx. Is the keystore available under this path? 

     

    You can also place the keystore under the $PROJECT_ROOT/Data folder and then deploy the service to VSE.

    The MAR file created and deployed to the VSE should contain the keystore (if it is under the project folder). You can also verify that by creating a MAR info file and then opening it. You should be able to see your VSM, VSI and keystore together.

     

    Hope it helps.

    Heloisa
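
A check for the failure discussed in this thread, as an added example that is not part of any post and is not DevTest code: run on the VSE host, under the account that runs the VSE, it separates a missing file from an unreadable one and from a PKCS12 file the JVM cannot open, then prints who issued the certificate the keystore would present. The class name `KeystoreCheck` and the `KEYSTORE_PASSWORD` environment variable are assumptions made for this example.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: standalone diagnostic, uses only standard JDK APIs.
public class KeystoreCheck {
    static void fail(String msg) {
        System.err.println(msg);
        System.exit(1);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) fail("usage: java KeystoreCheck <path-to-pfx>");
        Path p = Paths.get(args[0]).toAbsolutePath();

        // Case 1: nothing at the resolved path (wrong property value, file not copied).
        if (!Files.isRegularFile(p)) fail("MISSING: no regular file at " + p);
        // Case 2: the file exists but this OS user cannot read it.
        if (!Files.isReadable(p))
            fail("UNREADABLE by user " + System.getProperty("user.name") + ": " + p);

        // Password comes from the environment (assumed variable name), not the command line.
        String pw = System.getenv("KEYSTORE_PASSWORD");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p)) {
            // Case 3: throws IOException if the password is wrong or the file is not PKCS12.
            ks.load(in, pw == null ? new char[0] : pw.toCharArray());
        }

        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip trust-only entries
            hasKey = true;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                // Subject equal to issuer means self-issued, not signed by the internal CA.
                boolean self = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
                System.out.println(alias + ": subject=" + x.getSubjectX500Principal().getName()
                        + " issuer=" + x.getIssuerX500Principal().getName()
                        + (self ? " (self-issued)" : ""));
            }
        }
        // A server-side TLS keystore needs a private key entry, not just certificates.
        if (!hasKey) fail("NO PRIVATE KEY ENTRY in " + p);
        System.out.println("OK: " + p);
    }
}
```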