"Use SSL to client" is enabled in the VSM but the client application is not able to reach the VSM via HTTPS.

Document ID : KB000007155
Last Modified Date : 14/02/2018
Issue:

'Use SSL to client' is enabled in the VSM/HTTP Listener step, but the client application is not able to get a valid response when sending HTTPS requests.

The same VSM works when a request is sent from a test case.

When we try to access the virtual service from a web browser, we get messages such as:

There is a problem with this website’s security certificate. 

The security certificate presented by this website was issued for a different website's address.

The security certificate presented by this website was not issued by a trusted certificate authority.

However, a valid response is received when the option "Continue to this website" is selected.


Environment:
All supported DevTest releases.
Cause:

When enabling 'Use SSL to Client' in the Listener step, the properties below are used:

ssl.server.cert.path

ssl.server.cert.pass

By default, these properties point to the webreckeys.ks file in the $DEVTEST_HOME folder (see ssl.server.cert.path under Local Properties File).

The webreckeys.ks keystore holds a self-signed certificate that (1) was not issued by a CA (Certificate Authority) and (2) was not issued to the VSE Server. Clients send requests to a VSM using the VSE Server hostname or IP address, so that is the address the certificate has to be issued to.

Condition (1) causes the message "The security certificate presented by this website was not issued by a trusted certificate authority."

Condition (2) causes the message "The security certificate presented by this website was issued for a different website's address."

Resolution:

Generate a keystore with a key pair and a certificate issued by a CA (Certificate Authority) and issued to the VSE Server.

This new keystore and its password should be specified in the HTTP/S Listener step inside the virtual service model.

The service model needs to be redeployed.
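
The two conditions named under Cause can be checked on a certificate before its keystore is put in the Listener step. The script below is an added example, not code from the original article or from DevTest; the hostname vse01.example.test, the file names and the demo CA are constructed, and the keytool command in the comment uses placeholder alias and keystore names.

```shell
#!/usr/bin/env bash
# check_cert CERT_PEM CA_BUNDLE_PEM HOST: test the two conditions from the Cause section.
# Prints one finding per failed condition; returns 0 only when both hold.
# To check a keystore entry, export it to PEM first, for example:
#   keytool -exportcert -rfc -alias <alias> -keystore <keystore> -file cert.pem
check_cert() {
  cert=$1; ca=$2; host=$3; rc=0
  # (1) Was the certificate issued by a CA the client trusts?
  if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
    echo "UNTRUSTED: $cert does not chain to a CA in $ca"; rc=1
  fi
  # (2) Was it issued to the address clients use? (use -checkip for an IP address)
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "NAME_MISMATCH: $cert was not issued to $host"; rc=1
  fi
  return $rc
}

# make_demo DIR: constructed sample material, not DevTest files.
make_demo() {
  d=$1
  # Stand-in for a default self-signed certificate with a generic subject.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=default-selfsigned" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
  # Demo CA standing in for the organisation's certificate authority.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Key pair and CSR for the VSE server, signed by the CA with a matching SAN.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vse01.example.test" \
    -keyout "$d/vse.key" -out "$d/vse.csr" 2>/dev/null
  printf 'subjectAltName=DNS:vse01.example.test\n' > "$d/san.ext"
  openssl x509 -req -in "$d/vse.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/vse.pem" 2>/dev/null
}

tmp=$(mktemp -d) && make_demo "$tmp"
# Self-signed stand-in: reports both findings, matching the two browser messages.
check_cert "$tmp/self.pem" "$tmp/ca.pem" vse01.example.test || true
# CA-issued certificate with the VSE hostname in its SAN: passes both checks.
check_cert "$tmp/vse.pem" "$tmp/ca.pem" vse01.example.test && echo "vse.pem: OK"
```

The CA bundle passed as the second argument should be the one the client application or browser actually trusts, since condition (1) is evaluated from the client's side.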