SSL
Planned Changes to Trust Manager in ReadyAPI 3.63.0 and 3.64.0
We plan to release improvements to the Trust Manager in ReadyAPI 3.63.0 and 3.64.0. These updates introduce more granular controls for handling self-signed certificates.
ReadyAPI will require you to specify and whitelist trusted certificates. This reduces the risk of man-in-the-middle attacks and preserves Transport Layer Security (TLS) protections.
Starting in ReadyAPI 3.63.0, a new interface lets you view, add, and whitelist SSL certificates. Certificates that previously triggered errors also appear in this view.
 |
These changes redefine how ReadyAPI manages trust and SSL certificates. Currently, ReadyAPI does not validate certificates for HTTPS calls. Starting from ReadyAPI 3.63.0, you can configure ReadyAPI to detect untrusted certificates and enforce whitelisting for certificates that previously encountered errors.
A new Trust Store section under SSL in Global Preferences will display a list of untrusted certificates that ReadyAPI encountered. When you select any certificate, the certificate details will display in a pop-up window.
Selecting one or more certificates and choosing Whitelist adds them to .cacerts in the .readyapi directory. Uploading a certificate file directly also adds it to .cacerts in the .readyapi directory.
On startup, ReadyAPI checks for .cacerts in the .readyapi folder. If no file exists, ReadyAPI creates a copy from the bundled Java .cacerts. A unified mechanism now links the Trust Manager to the .cacerts file in .readyapi.
This feature will be available but off by default in ReadyAPI 3.63.0 and enabled by default in ReadyAPI 3.64.0. This notice provides time to test the feature in 3.63.0 and prepare for its default activation in ReadyAPI 3.64.0.
To ensure the security and privacy of authentication, configure the keystore and virtual API SSL options.
To configure the SSL options:
Click
on the ReadyAPI toolbar.Select SSL in the left part of the ReadyAPI Preferences window and configure the necessary options.
The table below describes the available SSL options:
Option | Description |
|---|---|
Certificate Store | On the Windows platform only. If selected, ReadyAPI uses certificates located in the Windows Personal Certificate Store. |
KeyStore | The path to the keystore ReadyAPI uses to connect to the server. Notes:
|
KeyStore password | The keystore password. Notes:
|
Enable virtual service SSL | If selected, SSL support for virtual APIs is enabled. ImportantWhen you deploy a virtual API to VirtServer, these settings are not copied. For the deployed virtual services to support SSL, configure the virtSSL settings in the |
Virtual service port | Specify the port used in the SOAP VirtResponse test step when it simulates HTTPS responses. |
Virtual service KeyStore | The keystore to use for virtual API SSL certificates. |
Virtual service KeyStore password | The virtual API keystore password. |
Virtual service key password | The password for the virtual API default keys. ImportantIf your keystore does not use a key password (for example, if you generated it using keytool in Java 11 or later), enter the keystore password in this box. |
Virtual service TrustStore | The virtual API truststore to use (optional). |
Virtual service TrustStore password | The virtual API truststore password. |
Client authentication | If selected, virtual services require that clients submit an SSL client certificate to work with them. |