Service Virtualization

Issue/Introduction:
How to enable HTTPS and SSL between DevTest Components Using Your Own Keystore

Environment:
All supported releases and platforms of DevTest.

Resolution:

The keystore will need to have the entire needed certificate chain (root, intermediate, server).

Put the keystore in the DEVTEST_HOME folder of where each component is running.

Update these properties files and restart DevTest Components:


iam.properties file of where Identity Access Manager (IAM) is running: By default IAM is https enabled.

iam.keystore=${IAM_HOME}certs/<your keystore here>
iam.keystore.password=<your keystore password, it gets stored in vault after IAM is started>
iam.truststore=${IAM_HOME}certs/<your trustore here, normally your keystore>
iam.truststore.password=<your trustore password, it gets stored in vault after IAM is started>


dradis.properties file of where your Enterprise Dashboard is running:

dradis.webserver.https.enabled=true
dradis.webserver.ssl.keystore.location=${DRADIS_HOME}YOURKEYSTORE
dradis.webserver.ssl.keystore.password=(your keystore password)
dradis.webserver.ssl.keymanager.password=(your keymanager password)


site.properties file of where Registry is running:  (this can also be defined in the local properties)

devtest.enterprisedashboard.https.enabled=true


phoenix.properties of where Portal is running:

registry.https.enabled=true

phoenix.https.enabled=true
phoenix.ssl.keystore=${LISA_HOME}/(your keystore)
phoenix.ssl.keystore.password=(your keystore password)
phoenix.ssl.keymanager.password=(your keymanager password)


local.properties file of where each DevTest component is installed in case distributed:

lisa.net.keyStore={{LISA_HOME}}/(your keystore)
lisa.net.keyStore.password={{LISA_HOME}}/(your keystore)

lisa.net.trustStore={{LISA_HOME}}/(your keystore)
lisa.net.trustStore.password={{LISA_HOME}}/(your keystore)

lisa.net.default.protocol=ssl

lisa.webserver.https.enabled=true
lisa.webserver.ssl.keystore.location={{LISA_HOME}}/(your keystore)
lisa.webserver.ssl.keystore.password=(your keystore password)
lisa.webserver.ssl.keymanager.password=(your keymanager password)

lisa.portal.url.prefix=https://


vscatalog.vmoptions (if running as a server) or vscatalogService.vmoptions (if running as a service) of where the VS Catalog is running:

-Dsvcatalog.auth.host.url=https://IAM_MACHINE:51111/auth                                   <=== where your IAM is running
-Dserver.ssl.key-store=file:///C:/DevTest10.6.0/VSCatalog/YOURKEYSTORE         <=== fully qualified path to where your keystore is)
-Dserver.ssl.key-password=YOURKEYSTOREPASWD                                            <=== password of keystore (note it will not get encrypted)
-Dserver.ssl.key-alias=KEYSTOREALIASNAMEOFYOURKEYPAIR                         <=== make sure the alias name has no spaces
-Dserver.ssl.key-store-provider=SUN
-Dserver.ssl.key-store-type=JKS
-Dlisa.webserver.https.enabled=true


Note: When starting SSL enabled Broker service , if you face any SSL issues, please see the document link below

https://knowledge.broadcom.com/external/article?articleId=205742

This is also a KB article: https://knowledge.broadcom.com/external/article?articleId=109006

------------------------------
Technical Support Engineer III
Broadcom, Inc
------------------------------

Thanks for posting this Marcy!

------------------------------
Head of Service Virtualization Product Management
CA Technologies - A Broadcom Company
------------------------------

Original Message:
Sent: 01-27-2021 03:38 PM
From: Marcy Nunns
Subject: Tech Tips: Enable HTTPS and SSL between All DevTest Components Using Your Own Keystore

Issue/Introduction:
How to enable HTTPS and SSL between DevTest Components Using Your Own Keystore

Environment:
All supported releases and platforms of DevTest.

Resolution:

The keystore will need to have the entire needed certificate chain (root, intermediate, server).

Put the keystore in the DEVTEST_HOME folder of where each component is running.

Update these properties files and restart DevTest Components:


iam.properties file of where Identity Access Manager (IAM) is running: By default IAM is https enabled.

iam.keystore=${IAM_HOME}certs/<your keystore here>
iam.keystore.password=<your keystore password, it gets stored in vault after IAM is started>
iam.truststore=${IAM_HOME}certs/<your trustore here, normally your keystore>
iam.truststore.password=<your trustore password, it gets stored in vault after IAM is started>


dradis.properties file of where your Enterprise Dashboard is running:

dradis.webserver.https.enabled=true
dradis.webserver.ssl.keystore.location=${DRADIS_HOME}YOURKEYSTORE
dradis.webserver.ssl.keystore.password=(your keystore password)
dradis.webserver.ssl.keymanager.password=(your keymanager password)


site.properties file of where Registry is running:  (this can also be defined in the local properties)

devtest.enterprisedashboard.https.enabled=true


phoenix.properties of where Portal is running:

registry.https.enabled=true

phoenix.https.enabled=true
phoenix.ssl.keystore=${LISA_HOME}/(your keystore)
phoenix.ssl.keystore.password=(your keystore password)
phoenix.ssl.keymanager.password=(your keymanager password)


local.properties file of where each DevTest component is installed in case distributed:

lisa.net.keyStore={{LISA_HOME}}/(your keystore)
lisa.net.keyStore.password={{LISA_HOME}}/(your keystore)

lisa.net.trustStore={{LISA_HOME}}/(your keystore)
lisa.net.trustStore.password={{LISA_HOME}}/(your keystore)

lisa.net.default.protocol=ssl

lisa.webserver.https.enabled=true
lisa.webserver.ssl.keystore.location={{LISA_HOME}}/(your keystore)
lisa.webserver.ssl.keystore.password=(your keystore password)
lisa.webserver.ssl.keymanager.password=(your keymanager password)

lisa.portal.url.prefix=https://


vscatalog.vmoptions (if running as a server) or vscatalogService.vmoptions (if running as a service) of where the VS Catalog is running:

-Dsvcatalog.auth.host.url=https://IAM_MACHINE:51111/auth                                   <=== where your IAM is running
-Dserver.ssl.key-store=file:///C:/DevTest10.6.0/VSCatalog/YOURKEYSTORE         <=== fully qualified path to where your keystore is)
-Dserver.ssl.key-password=YOURKEYSTOREPASWD                                            <=== password of keystore (note it will not get encrypted)
-Dserver.ssl.key-alias=KEYSTOREALIASNAMEOFYOURKEYPAIR                         <=== make sure the alias name has no spaces
-Dserver.ssl.key-store-provider=SUN
-Dserver.ssl.key-store-type=JKS
-Dlisa.webserver.https.enabled=true


Note: When starting SSL enabled Broker service , if you face any SSL issues, please see the document link below

https://knowledge.broadcom.com/external/article?articleId=205742

This is also a KB article: https://knowledge.broadcom.com/external/article?articleId=109006

------------------------------
Technical Support Engineer III
Broadcom, Inc
------------------------------