"Use SSL to client" is enabled in the VSM but the client application is not able to reach the VSM via HTTPS.

Document ID:  TEC1595601
Last Modified Date:  07/17/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Service Virtualization

Releases

  • CA Service Virtualization:Release:9.1
  • CA Service Virtualization:Release:10.0
  • CA Service Virtualization:Release:10.1.0
  • CA Service Virtualization:Release:9.5.1

Components

  • CA ITKO LISA Virtual Services Environment (VSE):ITKOVS
Symptoms:

'Use SSL to client' is enabled in the VSM/HTTP Listener step, but the client application is not able to get a valid response when sending HTTPS requests.

The same VSM works when a request is sent from a test case.

When we try to access the virtual service from a web browser, we get messages such as:

There is a problem with this website’s security certificate. 

The security certificate presented by this website was issued for a different website's address.

The security certificate presented by this website was not issued by a trusted certificate authority.

However, a valid response is received when the option "Continue to this website" is selected.

certificateWarning.PNG

Environment:
All supported DevTest releases.
Cause:

When enabling 'Use SSL to Client' in the Listener step, the properties below are used:

ssl.server.cert.path

ssl.server.cert.pass

By default, these properties point to the webreckeys.ks file under $DEVTEST_HOME folder - Local Properties File - ssl.server.cert.path

Webreckeys.ks is a self-signed keystore that (1) was not issued by a CA (Certificate Authority) and (2) was not issued to the VSE Server. The VSE server hostname or IP address is the address used to send a request to a VSM. 

(1) causes the type of message - The security certificate presented by this website was not issued by a trusted certificate authority.

(2) causes the type of message -  The security certificate presented by this website was issued for a different website's address.  

Resolution:

Generate a keystore with a key pair and a certificate issued by a CA (Certificate Authority) and issued to the VSE Server.

This new keystore and its password should be specified in the HTTP/S Listener step inside the virtual service model.

The service model needs to be redeployed.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >