Service Virtualization

Hi,

I have a requirement to create https virtual service. When client calls the service, its expecting to call https and not http .So I need to create a virtual service which should have service url of https.

I understand the live invocation step having server side SSL to call live https service but not sure how to create https REST service from RR pairs.

Please suggest.

Any suggestion here please. I am stuck and need to implement asap. Please check and suggest the solution.

Regards,

Ritu

Hi Ritu,

May I know what version of SV you are using?

You can do this from Workstation.

Follow the steps:

1. Create New VS Image -> From Request/Response pairs

2. Provide vsi and vsm names as appropriate (I gave: httpsvirtualserviceusingrrpair)

3. Upload the RR pair and choose Transport protocol as HTTP/S

4. Click Configure

5. Provide Listen port, Target host and Target port as appropriate. In order to create HTTPS based virtual service, you need to use SSL to Server and Client. Select both the check boxes for two-way SSL connection. And you need keystore file for this SSL connection. In my case, I have used default DevTest keystore file.

Docops for reference:

HTTP/S Transport Protocol - DevTest Solutions - 10.4 - CA Technologies Documentation 

Note: the Docops doesn't talk about creating VS using RR pair but this will help to understand about HTTPS.

6. Click Finish

7. Click Next

8. Choose DPH if needed or based on the RR pair, the DPH will be auto-selected. In my case, I have used SWIFT protocol RR pairs and hence my DPH is SWIFT Data Protocol.

9. Click Next

10. Click Finish

11. You can observe from the vsi that the request and response are capture correctly.

12. Now Deploy the vsm.

13. You can find from the Portal that HTTPS virtual service is running on Port 8002.

14. I have tested the deployed virtual service using Postman. 

Hope this help!

Regards,

Giri

when I am trying to  consume the created virtual services from postman/soapui, I'm not able to reach to the service. Not sure what is missing.

I'm using Devtest 10.4.

Your environmental setup may require a custom certificate - there is no way for us to know for certain in this forum.

The best likely course is to open a ticket and have someone from Support help you figure this out.

A few things you might research as information for the Support team are:

• In VSE, you cannot run an HTTP and HTTPS service on the same endpoint port. Make sure your HTTPS service is running on a port where no HTTP services are listening. Mixing HTTP and HTTPS creates confusion for the VSE. When a request comes in, the transport does not know whether to use HTTP or HTTPS for the initial handshake.

• Do you have TLS enabled in DevTest

https.protocols=TLSv1.2,TLSv1.1,TLSv1 set in local.properties on the VSE and workstation

• Is your Postman/SoapUI client running on a different host machine? (I am guessing the answer is, yes.)

In Workstation, setup an HTTPS call inside a Test Case.  Send the request to your VSM using the standard DevTest JKS file. Make sure everything is working internal to DevTest before branching out to other consumer technology stacks.

Then, 

Set the service to act as HTTP (i.e., turn off HTTPS in the VSM)

Send an HTTP request from the Postman/SoapUI client and see if you get a response

This can help rule out firewalls.  Alternatively, you might try to telnet to the service using a CMD prompt.

Then, 

Proceed to testing with HTTPS.

Check settings in SoapUI for SSL. Is your SoapUI client pointing to a custom certificate?

If yes, this would indicate you likely need to have the service use custom JKS files.

If no, this would indicate that SoapUI and Postman are likely using the certificates that a browser such as IE would use.  Open IE browser, Go to Internet Options, CLICK Content tab, CLICK Certificates button. This might display some internal certificates issued specifically for your organization. It may be that one of these certificates are needed.

The types of testing above will be helpful to the Support team when you start explaining what you've done and what is occurring.

If the service is already built from R/R pairs,

- Open the VSM

- Open the LISTEN Step 

- Check Use SSL to Client.

This will use the OOTB DevTest certificates that work with the majority of consumers.

If recording the service, Review the previous post.

The above configurations use DevTest's OOTB certificates which work in the majority of cases. However, if your requirement is to use custom certificates, you need to configure those certificates so DevTest knows where they are located. That would be a separate discussion.

Thank you very much Giri and Joel. Much appreciated!

One qq- if I create https virtual service with DevTest OOTP certificates, does client application need to have any info for this certificate or we can just share the service url like- https://hostname:port/basepath and they should be good consuming this service.

Also, I am just going to try these suggestions and post the updates.

Thanks much again!

Regards,

Ritu

RItu,

I created using DevTest OOTB certificate for both SSL to Server and Client (which you can see from my steps) and just used https://hostname:port and it worked.

Regards,

Giri

not sure the actual issue but when I am trying to use a port on which one http service is running, its not reachable. Now I tried with new port and only services is running is my https one. It worked. I might be missing with concept but this is how it happens.

Finally its working and many thanks for your help!!!!

Regards,

Ritu

I think the issue is the mixing HTTP and HTTPS on the same port.  DevTest supports HTTP/S transports, but it is not built to handle a mixture on the same port like other HTTP servers or proxy servers might be.

Think about this way... 

Suppose you deploy an HTTP service with a base path of "/someService" to port 8010.

And, suppose you deploy an HTTPS service having base path of "/someService" to port 8010.

When the transaction comes in, do you use HTTP or HTTPS for the communications?

Even though the HTTP and HTTPS base paths may be different, I think DevTest is struggling to understand how to interpret the request. This is likely due to the internal manner in which DevTest "queues" incoming transactions.

Yes Joel. I been struggling as I deployed http and https both on same port but got good understanding. I will  open a support ticket to investigate further. 

Big thanks!

regards,

Ritu