By default, virtual services work through unsecured connections (the HTTP protocol). You may want your service to work through HTTPS to test how clients work over secured connections (SSL).
To do this, you need:
A keystore with SSL keys.
Configure the Protocol settings of your virtual service.
1. Create SSL keystore
To use SSL, you need a keystore with private and public keys. If you do not have it, you need to generate it. The easiest way to do this is, perhaps, to use keytool – a command-line utility included in Java. Possible alternatives include Portecle or other tools.
|Tip:||Java is shipped along with ReadyAPI. You can find the keytool utility in the <ReadyAPI>/jre/bin directory.|
Use a command line like this:
"C:\Program Files\Java\jdk-11\bin\keytool" -genkeypair -alias readyapi -keyalg RSA -keystore "C:\My folder\readyapi-keys.jks"
keytool -genkeypair -alias readyapi -keyalg RSA -keystore ./ready-api.jks
After you started keytool, answer some questions that are necessary for generating the keypair:
In our example, we used the following parameters:
-genkeypair commands the tool to create a keystore.
-alias sets the name of the generated keypair.
-keyalg specifies the encryption algorithm to be used.
-keystore specifies the file name of the generated keystore.
For complete information on the command-line arguments, see keytool documentation on the Oracle website:
2. Configure SSL settings
After you generated the SSL keystore, you need to specify it in your virtual service settings:
Select your service in the Navigator panel. Switch to the property editor on the right of the product window.
In the Info section, select the https protocol, then click SSL Settings:
In the subsequent Preferences dialog, configure the SSL settings.
Note: The settings apply to ReadyAPI, they are not specific to your project or virtual service.
Select the Enable virtual service SSL check box to enable virtual APIs work through HTTPS.
In the Virtual service KeyStore box, specify the keystore file name.
In the Virtual service password field, enter the keystore password (not the keypair password).
In the Virtual service key password box, enter the keypair password.
Keytool in Java 11 and later does not prompt you to generate a keypair password. In this case, enter the keystore password again in this box.
If you want to authenticate a client via a certificate, select the Client authentication check box and add the certificate to the service trust store. Otherwise, clear the option.How to add a client certificate to a trust storeHow to add a client certificate to a trust store
To perform the handshaking process, the virtual service must trust the client’s certificate. In other words, you must add the certificate to the virtual service’s trust store. If the certificate was signed by a certified authority, you must add all the intermediate certificates to the trust store, from the root certificate to the client’s one ("chain of trust").
To import a certificate to a trust store, you can use the
keytoolcommand like this:
keytool -import -alias ClientCert -file client.crt -keystore TrustStore
In this example, we used the following parameters:
-importcommands the tool to import a certificate.
-aliassets the name of the certificate entry.
-filespecifies the file name of the certificate to import.
-keystorespecifies the file name of the trust store.
To learn how to sign requests in ReadyAPI, see SSL Client Auth.
Save the changes.
3. Change test requests
After you configured your virtual service properties and set SSL parameters, you need to update requests in your functional tests or client code: in each request that you send to the service, replace the http protocol with https:
Start the virtual service, send test requests and check responses.