SSL Client Auth

Applies to ReadyAPI 3.51, last modified on March 04, 2024

ReadyAPI can use SSL client certificates to secure your connection to the server.

About client certificate authentication

When setting up an HTTPS connection, your client requests a certificate from the server to establish the server identity. This creates a secure connection, but the server does not know who the client is. To make sure the client who can access the secure server is qualified, you use client certificate authentication.

When you use client authentication, the client sends its SSL certificate after it verifies the server identity. Then, the client and server use both certificates to generate a unique key used to sign requests sent between them.

ReadyAPI can use your certificates to secure the interactions with the server.

Requirements

  • ReadyAPI supports JKS (.jks), JCEKS (.jceks), and PKCS12 (.p12, .pfx) keystores.

  • The certificate file you use must contain the entire certificate chain including the root certificate. Otherwise, the server may fail to verify the client identity.

  • Use a valid certificate that a server can trust. The certificate must have a digital signature from the authority trusted by the server, a valid expiration date, and should not be revoked.

Using client certificates

For all requests
  1. Open the ReadyAPI Preferences dialog:

    API testing: Opening ReadyAPI settings

    Click the image to enlarge it.

  2. Switch to the SSL page. On this page, specify the KeyStore that contains the client certificate and the KeyStore password.

    If you use Windows, you can also use certificates located in the Windows Personal Certificate Store. For this, enable the Certificate Store option.

    API testing over SSL: Set up certificate for all requests

    Click the image to enlarge it.

For a specific request
  1. Select an element in the APIs node in the Navigator panel and click Auth & Security > WSS Config on the toolbar:

    Configure SSL for a request: WSS Config button

    Click the image to enlarge it.

    This will open the WS-Security configuration dialog.

  2. In the dialog, switch to the Keystores tab and click :

    API testing over SSL: Keystores tab

    Click the image to enlarge it.

  3. Select the keystore file and specify the password. If the keystore is imported successfully, the Status column will display OK:

    API testing over SSL: Configured keystore

    Click the image to enlarge it.

    Close the WS-Security Configuration dialog.

  4. Select the request you want to apply the certificate to (you can select the request in the Navigator panel in Projects or select the request test step in ReadyAPI Test). Use the drop-down list in the SSL Keystore property to select the keystore:

    API testing over SSL: Keystore applied to the request

    Click the image to enlarge it.

Tip: Request properties depend on the environment you use. When working with multiple servers that require different certificates, set up environments to quickly switch the certificate used.

See Also

Configuring Requests
SSL Virtual Services
SSL

Highlight search results