SSL Virtual Services

To use SSL, you need a keystore with private and public keys. If you do not have it, you need to generate it. The easiest way to do this is, perhaps, to use keytool – a command-line utility included in Java. Possible alternatives include Portecle or other tools.

Use a command line like this:

• Windows

  "C:\Program Files\Java\jdk-11\bin\keytool" -genkeypair -alias readyapi -keyalg RSA -keystore "C:\My folder\readyapi-keys.jks"

• Linux

  keytool -genkeypair -alias readyapi -keyalg RSA -keystore ./ready-api.jks

After you started keytool, answer some questions that are necessary for generating the keypair:

Click the image to enlarge it.

In our example, we used the following parameters:

For complete information on the command-line arguments, see keytool documentation on the Oracle website:

https://docs.oracle.com/en/java/javase/11/tools/keytool.html

After you generated the SSL keystore, you need to specify it in your virtual service settings:

1. Select your service in the Navigator panel. Switch to the property editor on the right of the product window.

2. In the Info section, select the https protocol, then click SSL Settings:

   

   Click the image to enlarge it.

3. In the subsequent Preferences dialog, configure the SSL settings.

   Note:

   The settings apply to ReadyAPI, they are not specific to your project or virtual service.

   • Select the Enable virtual service SSL check box to enable virtual APIs work through HTTPS.

   • In the Virtual service KeyStore box, specify the keystore file name.

   • In the Virtual service password field, enter the keystore password (not the keypair password).

   • In the Virtual service key password box, enter the keypair password.

     Keytool in Java 11 and later does not prompt you to generate a keypair password. In this case, enter the keystore password again in this box.

   • If you want to authenticate a client via a certificate, select the Client authentication check box and add the certificate to the service trust store. Otherwise, clear the option.

     How to add a client certificate to a trust store

     How to add a client certificate to a trust storeHow to add a client certificate to a trust store

     To perform the handshaking process, the virtual service must trust the client’s certificate. In other words, you must add the certificate to the virtual service’s trust store. If the certificate was signed by a certified authority, you must add all the intermediate certificates to the trust store, from the root certificate to the client’s one ("chain of trust").

     To import a certificate to a trust store, you can use the keytool command like this:

     keytool -import -alias ClientCert -file client.crt -keystore TrustStore

     In this example, we used the following parameters:

     -import commands the tool to import a certificate.

     -alias sets the name of the certificate entry.

     -file specifies the file name of the certificate to import.

     -keystore specifies the file name of the trust store.

     To learn how to sign requests in ReadyAPI, see SSL Client Auth.

   Save the changes.

After you configured your virtual service properties and set SSL parameters, you need to update requests in your functional tests or client code: in each request that you send to the service, replace the http protocol with https:

Click the image to enlarge it.

Start the virtual service, send test requests and check responses.