Versions Compared

Old Version 2

changes.mady.by.user Chieko Sugizaki

Saved on

compared with

New Version Current

changes.mady.by.user Chieko Sugizaki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space FUNCTDEV and version SVC2023.1

...

You should deploy the Virtualize server in a secure manner on a trusted network. The Virtualize server hosts web services that can be used to manage virtual assets, so any so any host with network access to the Virtualize server can add, modify, or remove virtual assets hosted by that Virtualize server. You  You could use a proxy server or gateway in front of the Virtualize server to apply additional layers of security other than what is provided by the Virtualize server.

...

  1. (Preferred) Create a certificate for the Virtualize server, sign it with a certificate authority that is trusted by the AUT, and issue it for the host where the Virtualize server is installed. With this option, you don’t need to make any changes to the AUT.
  2. Configure Virtualize Server with a generated (possibly self-signed) certificate and add it to the trust store of the AUT.
  3. Add your actual server certificate to Virtualize. This option assumes that access to the server certificate and keys is possible—and possible and that changes to the AUT are difficult or should be avoided. However, this option may not be possible if the certificate was signed for a hostname other than the hostname where Virtualize is deployed.
  4. Disable certificate trust in the AUT. The AUT would still connect over SSL but trust any server (such as the Virtualize server) without validating its certificate or its trust paths.

For the AUT to accept a certificate/private key pair, you generally need—at minimum—a self-signed certificate/private key pair whose common name (CN) parameter matches the fully-qualified name of the server. For example, if your Virtualize server URL is http://myserver.mycompany.com, the CN parameter should be "myserver.mycompany.com".

...

SSL details can be configured by modifying the SSL HTTP/1.1 Connector entry in server.xml. For example:

Code Block
languagexml
<Connector port="9443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Path To Keystore/virtualize.pfx"
keystorePass="security" keyAlias="virtualize" keystoreType="PKCS12" truststoreFile="../lib/cacerts"
truststorePass="changeit" truststoreType="JKS" />

To access the server.xml file, launch Virtualize and ensure that at least one responder has been created. The file is located in the <INSTALL>INSTALL-DIR>/plugins/com.parasoft.ptest.libs.web_<version><VERSION>/root/tomcat/conf directory.

keystoreFile

The value you set for the keystoreFile attribute in server.xml depends on your configuration option

If you use the preferred option (option 1) or option 2, use the path to the generated server keystore. Although the keystore paths can be relative to the location of the server.xml file, it is best to provide absolute paths in order to ensure correct configuration. 

If you use option 3, the attribute should point to the same keystore file as the actual SSL-based service that you want to emulate. Use forward slashes (/) instead of backward slashes (\). For example, C:/Users/myUser/keystore.jks.

With option 4, you do not need to modify the keystoreFile attribute.

...

Set the keystorePass attribute to be the password to your keystore.

keyAlias

Set the keyAlias attribute attribute to point to the alias of the certificate/private key pair.

keystoreType

Set the keystoreType to the type of keystore you are using, such as PKCS12, JKS, BKS, UBER, or PEM.

...

  • Modify truststoreFile to point to your keystore file. Use forward slashes (/) instead of backward slashes (\). For example, C:/Users/myUser/keystore.jks.
  • Modify truststorePass to to be the password to your keystore.
  • Modify truststoreType to to PKCS12, JKS, BKS, UBER, or PEM—depending PEM, depending on the type of keystore you're using.

...

The default SSL connector (the one with attribute name="default") port number should be changed in the Virtualize server preferences (see Server Settings for details). When Virtualize starts, the preferences settings will take precedence over the server.xml settings.

You may add additional Connector elements to server.xml with distinct names and distinct SSL/certificate configurations as needed. Virtual assets and proxies cannot be mapped to specific Connector ports. A message received on a particular connector/port could be processed by any virtual asset based on header, URL and message content correlation criteria within the virtual asset path, proxy path or responder correlation rules, but not based on the port.

...

Add the relaxedPathChars and relaxedQueryChars attributes to the <Connector> element in the server.xml file and specify the characters you want to allow. If there is more than one <Connector> element, add the attributes to the elements with the protocol set to HTTP and HTTPSThe file is located in the <INSTALL>INSTALL-DIR>/plugins/com.parasoft.ptest.libs.web_<version><VERSION>/root/tomcat/conf directory.

Example:

Code Block
languagexml
<Connector
   URIEncoding="UTF-8" allowTrace="true" connectionTimeout="20000"
   enableLookups="true" name="default" port="9080" protocol="HTTP/1.1"
   redirectPort="9443" 
   server="Parasoft Server"
   relaxedPathChars="&quot; &lt; &gt; [ \ ] ^ ` { | }"
   relaxedQueryChars="&quot; &lt; &gt; [ \ ] ^ ` { | }"
/>

...

If the application under test sends and receives messages through an MQ Queue Manager or JMS provider, click the Connections to tab to define connection settings. Assets and proxies deployed to the Virtualize server can be configured to use the connection settings to communicate with the application under test. You can perform the following actions:

...

Choose one of the following modes from the drop-down menu:

  • Default - allows : allows you to manually enter enter connection details, such as host, port, and channel.
  • CCDT - allows : allows you to specify a client channel definition table (CCDT) file that provides connection details.
  • Bindings - : use Bindings mode when the queue manager and connected applications are running on the same system. The IBM WebSphere MQ Java API connects directly to the queue manager using the Java Native Interface (JNI). To use the bindings transport, the IBM MQ classes for JMS must be run in an environment that has access to the IBM MQ Java Native Interface libraries.

...

If login credentials are required, specify the user name username in this field.

Password

If login credentials are required, specify the password in this field.

SSL Properties

Enable the Use SSL when connecting to the service option and configure the SSL settings if the virtual assets and message proxies hosted on the Virtualize Server are required to communicate with the service under test over SSL. 

Enable the Enable Trust all server certificates option to allow Virtualize Server to accept any certificate. This option disables trust validation when virtual assets or message proxies on the server establish connections with services and forces assets or proxies to accept connections using any certificates services present. In general, this option should be enabled if certificate trust is not a focus for the environment where Virtualize is deployed.

...

Specify the key store file, key store password, and key store type to be used by the queue manager to authenticate virtual assets and assets and message proxies over SSL.   If If the MQ Channel does not require SSL, then the key store settings are not required. After configuring the key store settings, click Validate to verify that the settings are configured correctly. 

...

  1. Open the server settings that contains the connection configuration you want to copy. For example, if you want to copy the connection settings from a remote server to your local instance, open the remote server's configuration panel.
  2. Click the Connections tab and choose the connection configurations you want to copy. You can copy a single connection or multiple connections by pressing and holding the CTRL-clicking or COMMAND key-clicking.
  3. Click Copy and specify destination server for the connection settings from the drop-down menu.
  4. Click OK to copy the settings. Settings will not be copied if they already exist on the destination server. 

...

By default, the local Virtualize server uses port 9080. To change this:

  1. Choose Parasoft> Go to Parasoft > Preferences.
  2. Open Parasoft> Parasoft > Server.
  3. Change the port settings.
  4. Restart the server.

...