Securing the Add Numbers service
You can use a secure connection to access the Add Numbers service.
About this task
To experiment with discovering, recording and virtualizing HTTPS traffic, the Add Numbers Client and Server supports HTTPS.
You can also use the Add Numbers example application to verify your HTTPS certificate configuration.
Procedure
- From a Command Prompt or Terminal window, start the Add Numbers Server and complete the information that is described in Starting the Add Numbers server and client.
- Change the Protocol field to HTTPS.
- On the SSL page, default values are preset for all fields. For a simple test, you can use these default values with no changes. Otherwise, you can select an SSL Protocol and enter a Key Store and Key Store Password. If you select Mutual Authentication, you can use the default values for Trust Store and Trust Store Password, or provide your own values. When you finish, return to the Settings page and click Start Service.
- Start the Add Numbers Client as described in Starting the Add Numbers server and client.
- Make sure that the Host Adapter and Port Number fields have the same values as those fields in the server. Change the Protocol field to HTTPS.
Results
What to do next
To use topology discovery, recording, or service virtualization on this secure connection, see Using discovery, recording or virtualization with the Add Numbers service and HTTPS.
To use the Add Numbers client to validate your HTTPS certificate configuration, see Using the Add Numbers Client to validate the HTTP certificate configuration.
Using discovery, recording or virtualization with the Add Numbers service and HTTPS
You can start the Add Numbers Client for topology discovery, recording, or service virtualization.
About this task
Configuring the Add Numbers Client to use the HTTPS proxy
Before you begin
About this task
The HTTPS proxy can be used in two different modes: as a standard proxy, or as a reverse proxy (by using forwarding rules). The difference between these two modes is described in Virtualizing HTTP.
Procedure
- To use the HTTPS proxy in standard mode:
- To use the HTTPS proxy in reverse proxy mode:
- Configure the HTTPS proxy to contain a forwarding rule
that is listening on some available local port, for example 2001 (that
is, the bind attribute) and is forwarding to the port that the Add
Numbers Server is listening on, which by default is
localhost:8088
(if the proxy is on the same computer as the Add Numbers Server). See Configuring a HTTP(S) reverse proxy or TCP port forwarding. - Change the host and port in the Add Numbers Client to point to the host on which the proxy is running, and the bind port that the forward rule is listening on (in this example, localhost and 2001).
- Configure the HTTPS proxy to contain a forwarding rule
that is listening on some available local port, for example 2001 (that
is, the bind attribute) and is forwarding to the port that the Add
Numbers Server is listening on, which by default is
Results
What to do next
Updating the Add Numbers Client's keystore
About this task
Procedure
- Open a new Command Prompt or Terminal window with appropriate permissions.
- Change your working directory to install_dir/examples/addnumbersclient.
- Copy the following file to the current directory:
QualityServer_install_dir/httptcp/greenhat.jks
Note: The directory from which you are copying is the installation directory for HCL OneTest™ API rather than for HCL OneTest™ API.. - Enter the following command:
../../jre/bin/keytool -export -alias mykey -file green.crt -keystore greenhat.jks
The following message is displayed:Enter keystore password:
Enter the following password:passphrase
The following message is displayed:Certificate stored in file <green.crt>
- Enter the following command:
../../jre/bin/keytool -import -trustcacerts -alias root -file green.crt -keystore addNumbersClient.jks
The following message is displayed:Enter keystore password:
Enter the following password:secret
Information about the certificate is displayed, and then the following message is displayed:Trust this certificate? [no]:
Enter the following response:yes
The following message is displayed:Certificate was added to keystore
Results
You can now start the Add Numbers Client for topology discovery, recording, or service virtualization. See Topology Discovery overview, Recording Studio, and HCL OneTest Virtualization overview.
Additionally, to validate your security certificate configuration, see Configuring the Add Numbers Client to use the HTTPS proxy.
Using the Add Numbers Client to validate the HTTP certificate configuration
Before you begin
About this task
The Add Numbers Client by default checks that the certificate is trusted. However, if you want to check that the server certificate is valid for the host that the Add Numbers Client is connecting to, you must enable hostname validation. (The hostname validation is disabled by default to allow portability of the Add Numbers Server when used for other procedures).
Procedure
- From a Command Prompt or Terminal window, start the Add Numbers Client and complete the steps that are described in Starting the Add Numbers server and client.
- Change the Protocol field to HTTPS.
- Configure the server or proxy with the certificate you
want to use:
- If you are connecting to the Add Numbers Server: Configure the keystore on the SSL page of the Add Numbers Server window. See Securing the Add Numbers service.
- If you are using the HTTPS proxy: Configure the HTTPS proxy to use the identity store (keystore) that contains the certificate that is used for the HTTPS communication. See HTTPS configuration settings in Modifying the configuration settings of the HTTP/TCP proxy.
- If you are connecting directly to a stub, configure the identity store that is used by that stub's transport. See Identity stores and SSL and Creating physical web server resources.
- Configure the Add Numbers Client's truststore to point to a keystore that contains the certificate that was given to the server, the proxy, or the stub (or that contains a certificate from that certificates chain of trust). See Updating the Add Numbers Client's keystore.
- On the SSL page of the Add Numbers Client, select Verify the server hostname against the certificate.