Using SSL communication between DevTest components

Document ID : KB000113672
Last Modified Date : 19/10/2018
Show Technical Document Details
Introduction:
How to configure SSL between DevTest components using my own keystore.
Environment:
All Supported DevTest releases.
Instructions:
Here are the steps to configure SSL between all DevTest components and using your own keystore.

In the local.properties enabled the following property:
lisa.net.default.protocol=ssl
This property enables SSL communication between components - Registry, Broker, Coordinator, Simulator, VSE, and Workstation
If DevTest is installed in a distributed environment, the property above needs to be enabled in each server.

By default DevTest will use the webreckeys.ks. A self-signed keystore delivered with DevTest issued to Lisa.
To use your own keystore and not the webreckeys.ks, provide your keystore under the properties below in the local.properties file in the Registry server: 
lisa.net.keyStore={{LISA_HOME}}keystore.jks
lisa.net.keyStore.password=PlainTextPasswordWilBeConvertedToEncrypted

When you are using your own keystore, you will need to create a truststore with the keypair certificate and provide it with the two properties below:
lisa.net.trustStore={{LISA_HOME}}truststore.ts
lisa.net.trustStore.password=PlainTextPasswordWilBeConvertedToEncrypted

More details to create the truststore in the link below:
https://docops.ca.com/devtest-solutions/10-3/en/administering/security/using-ssl-to-secure-communication/use-your-own-self-signed-certificate/

If you have a distributed environment, the truststore needs to be provided in each remote server as well. 
Without the truststore, the Coordinator, Simulator, VSE and Workstation will not be able to connect to the Registry.
You will start seeing the following messages in the registry.log file:
SEVERE: Could not accept connection : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

Still in the Registry server, edit the local.properties and enable the following properties:
lisa.webserver.https.enabled=true
lisa.webserver.ssl.keystore.location={{LISA_HOME}}webserver.ks
lisa.webserver.ssl.keystore.password=yourpassword
lisa.webserver.ssl.keymanager.password=yourpassword
lisa.portal.url.prefix=https://
These properties enable HTTPS on port 1505 - the previous DevTest Console.

With the settings above you will enable SSL communication between DevTest components, but Portal and Enterprise Dashboard will still be responding via HTTP and not HTTPS.

To enable HTTPS with Enterprise Dashboard and Portal, please follow the steps below: 

In the Enterprise Dashboard Server, edit the dradis.properties file and uncomment the following properties, provide your own keystore or leave the default:
dradis.webserver.https.enabled=true
dradis.webserver.ssl.keystore.location=keystore.jks  (do not provide {{DRADIS_HOME}}, place the keystore under LISA_HOME and provide the keystore name in this property)
dradis.webserver.ssl.keystore.password=yourpassword
dradis.webserver.ssl.keymanager.password=yourpassword

In the Registry server, enable the property below. This property is available on the site.properties file:
devtest.enterprisedashboard.https.enabled=true
This property tells the Registry to connect to the Enterprise Dashboard over SSL.

In the Portal server, edit the phoenix.properties file, uncomment and configure the following properties:
registry.https.enabled=true
phoenix.https.enabled=true
phoenix.ssl.keystore=${LISA_HOME}/keystore.jks
phoenix.ssl.keystore.password=yourpassword
phoenix.ssl.keymanager.password=yourpassword

Save the modified properties files.
Restart DevTest components.