We need more information to help you determine how to resolve your issue because there are a variable number of possible setup issues. You will likely need to check with application developers and/or a security team member to determine if custom certificates are necessary.
Some of the things you will need to know or potentially configure are:
- What type of SSL is required between the client and the server?
- One-way or client to server
Do you need a specific, customer-defined/acquired certificate
- Two-way a.k.a. mutual auth where you need to add a trust store
- If custom certs in use, you likely need both the client and server certificates. DevTest acts as the client when sending the request to the server endpoint, and DevTest acts as the server when receiving the request from the client.
- Are you using TLS, and if so, did you enable this in DevTest local.properties or via VMOPTIONS
https.protocols=TLSv1,TLSv1.1,TLSv1.2
- When you started the recorder, did you configure the options needed for SSL
- Use SSL to Server
- Use SSL to Client
- Provide the default JKS keystore or a custom JKS
Some possible research links that may help get you started are:
Tech Tips: Getting JAVA Handshake Exception, Remote host connection, Between Servers When Staging a Test Case
Tech Tips: Configure 1-way SSL Working with Your Own Single Certificate and use HTTPS TLSv1.2 Communication with DevTest Components
How to switch from SSL to TLS certs
Help on implementing one-way SSL
Of SSL, SNI, Java and DevTest
One Testing Approach after you configure DevTest:
If possible,
- Obtain a valid request payload
- Set up a DevTest Test Case (REST, WebService XML, etc.) include the necessary payload and HTTP Headers
- Use the Pro option on the test case and set up custom SSL (JKS, etc.) information, if needed
- Use the Help menu bar item and select the HTTP/SSL Debug option.
- Execute the request from DevTest
- Check the output to see the SSL handshake.
- Once you are comfortable that SSL is working, go back to the recorder but recognize that you may still have a certificate requirement between the client and the recorder.
The above steps can assist in figuring out how the SSL works and where the potential problems are.