Previous Topic: Opaque Data ProcessingNext Topic: Create and Deploy a Virtual Service with VSEasy


SSL with VSE Recording

During VSE recording, the SSL Server application is the System Under Test.

Use SSL to the Server

If Use SSL to the Server only is selected during recorder setup (and Use SSL to Client is not selected) the client sends a plain HTTP connection to DevTest but the recorder sends an HTTPS (SSL secured socket layer) request to the server application. In this case, client denotes the application or test case sending the request.

The certificate public key for the SSL Server application must be in the DevTest truststore to authenticate the Server certificate (or provide one-way authentication).

If the SSL Server requests Client Authentication (two-way authentication), LISA v6.0.8 and later uses the keystore identified in ssl.client.cert.path to send a client certificate from the recorder to the SSL Server application. The recorder simulates a client to complete the two-way client authentication, when Use SSL to the Server is selected.

Use SSL to the Server and Use SSL to Client

To record, the client or test case sends to the configured listen/record on port. The recorder Target Host is the real SSL server and the Target port is the SSL port that the SSL Server uses (typically, 443 or 8443).

During recording, the SSL handshake is between the client (recorder) and the SSL server. The server sends its certificate and DevTest authenticates it. If the server requests client authentication, the certificate that is in local.properties is used. If there is not a valid keystore in ssl.client.cert.path and the server requests client authentication, then a bad_certificate situation is returned because is not a certificate for the client recorder to return to the server.

During recording, the SSL handshake is between the client (application or test case) and the server (recorder). The recorder sends the certificate that is specified in the Use SSL to Client keystore. If SSL Keystore File is blank, the default keystore ({LISA_HOME]}\webreckeys.ks) is used. The recorder server does not request client authentication. The handshake is one-way authentication.

Playback of the VSM

If you select Use SSL to Client, an SSL handshake occurs between the client application or test case client and the VSM. The keystore that is provided in the VSM Listen step is used as the Server certificate for one-way authentication. There is no SSL handshake between the client and the VSM. The handshake is straight HTTP.

If the Live Invocation step was executed, an SSL handshake occurs between the VSM client to the real server. If the real server requests client authentication, the keystore in the HTTP/S Protocol Live Invocation step is used.

If the keystore contains multiple certificates, VSE uses the first one.