Versions Compared

Old Version 9

changes.mady.by.user Robert Andelin

Saved on

compared with

New Version Current

changes.mady.by.user Robert Andelin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space FUNCTDEV and version SVC2024.1

To configure SOAtest and Virtualize to work with Web services deployed using HTTPS (HTTP via the SSL), you need to identify and register the certificate being used for the HTTPS connection from the server:

  1. Close SOAtest and/or Virtualize if it is currently open.

  2. Identify the location of the server certificate used for the HTTPS connection.
  3. Ensure that this certificate’s COMMON NAME parameter contains both the server’s machine name and the subdomain (for example, machine.company.com).

  4. Copy the certificate to the following location:

    Virtualize:

    <virtualize_install_dir>/plugins/com.parasoft.ptest.libs.web_<virtualize_version_number>/root/lib

    SOAtest:

    <soatest_install_dir>/plugins/com.parasoft.ptest.libs.web_<soatest_version_number>/root/lib.

     This directory should contain a cacerts file in which the trusted certificates are stored.

  5. Execute a command of the following format:
    keytool -import -alias <certificate_alias> -file <certificate_file> -keystore cacerts
    For example, if your certificate file is named test.cert, you would execute the following command from the <INSTALL_DIR>/plugins/com.parasoft.ptest.libs.web_<VERSION>/root/lib directory:

    keytool -import -alias serverTrustCert -file test.cert -keystore cacerts
    This will import the certificate into the cacerts file with the alias "serverTrustCert".

    Info
    iconfalse
    titlekeytool path must be set

    Before executing keytool commands, you must first set your path to include Java's keytool executable. You can use the version of the Java binaries that ship with SOAtest and Virtualize.To add the included Java binaries to your path, open a command line prompt and enter the following before referencing the keytool:

    PATH =%PATH%; <INSTALL>\plugins\com.parasoft.ptest.jdk.eclipse.core.web.<OS>.<ARCH>_<VERSION>\jdk\bin

  6. When prompted to enter a keystore password, enter changeit.
  7. When asked whether you want to trust this certificate, enter yes. You will then see a message indicating that the certificate has been added to the keystore.
  8. (Optional) Verify that the certificate has been added to the keystore by entering the following command, then checking the file that opens:
    keytool -list -keystore cacerts

  9. Launch SOAtest or Virtualize and try to access the service again.

If you experience issues working with services deployed over HTTS, verify the following:

...

  1. Go to Parasoft > Preferences to open the Preferences dialog.
  2. Choose Parasoft > Security and enable Trust all certificates.
  3. Click OK or Apply to apply this change.

SOAtest/Virtualize will then try to access any WSDL you specify, regardless of any problems with the certificate. However, SOAtest/Virtualize will still try use the certificate while trying to send SOAP messages because it is required to do so.

Note
titleNote

You must add certificates to cacerts files on load test slave machines as well as on the master machine. Otherwise, SSL connections will not work when running a load test with slave machines.

If none of these procedures solve your problem, contact Parasoft in one of the ways described in Contacting Parasoft Technical Support.

Debugging SSL Issues

SOAtest and Virtualize run on a standard JVM. To show the SSL/TLS handshake details and help identify causes of SSL connection problems, enable JVM network and SSL debugging:

  1. Open a command line console and navigate to the SOAtest installation directory.
  2. Start the executable with the arguments:
    -J-Dssl.debug=true -J-Djavax.net.debug=all -consolelog

SOAtest/Virtualize will start normally, but whenever SSL connections are made, debugging output will be printed on the console.

If you wish to save the trace output to a file (for example, output.txt), you may append the following to the end of the command:

    > output.txt


Note

The redirection operator does not work when using soavirt.exe on Windows. In this case, you will need to copy the text from the console window. 


...

...

No Format
# build PEM file containing client certificate and certificate chain
cat ssl-certificate-file.crt ssl-certificate-chain.crt >ssl-certificate-all.pem

# build pfx file
openssl pkcs12 -export -in ssl-certificate-all.pem -inkey ssl-certificate-key.key -out keystore.pfx -name myname -CAfile ssl-certificate-chain.crt -caname mycaname

JMS SSL

See JMS.