Identity stores and SSL

An identity store can group a collection of one or more certificates that can be used in HCL DevOps Test Integrations and APIs (Test Integrations and APIs) to validate and authenticate connections that use SSL. After you create an identity store, you can use it to enable SSL communications in various messaging transports.

The underlying component of a Test Integrations and APIs identity store is a Java KeyStore. You can use an existing keystore that was created by using the JDK tools, or you can create a keystore when you create an identity store.

Once created, the following certificate types can be imported into an Test Integrations and APIs identity store:

  • Personal Information Exchange (PKCS#12)
  • Personal Information Exchange (PKCS#8)
  • X.509 Certificates

Identity stores can be used to hold trusted certificates that are used to verify that the servers your tests are connected to should be trusted. In this case, you might export certificates from your browser and then import the certificate file into an Test Integrations and APIs identity store. These certificates can then be used to verify the chain of trust from any certificate that a server sends to the Test Integrations and APIs client connection. Identity stores can also be used to hold keys (that is, certificates and their private key information), which are needed by tests and stubs to allow other parties (for example, clients) to verify their identity. These keys can be used when tests need to provide client credentials when the server requires SSL mutual authentication. The keys can also be used when stubs need clients to be able to verify their identity (for example, when clients connect to the stubs through SSL, such as when you use HTTPS).

Note: A client's identity store can be created only by using the JDK tool. The identity is created against a keystore that can then be used to identify one end of an SSL connection.

Creating an identity store

Identity stores are created in the Physical View of Test Integrations and APIs Architecture School perspective. You can create an identity store in one of two ways:

  • Select Identity Store from the General menu in the Physical View component toolbar.
  • Right-click the root of the physical resource tree and select New > General > Identity Store from the menu.

The new identity store is created under the Unconnected Resources in the Physical View.

Configuring an identity store

Follow the steps to configure a new or existing identity store in Test Integrations and APIs.

  1. Double-click the wanted identity store in the Physical View of Architecture School.

    The Identity Store editor is displayed.

  2. Click Select to locate and open an existing Java keystore (.jks) file. When prompted, enter the keystore password.
  3. To create a keystore with Test Integrations and APIs, click New and select the location and name of the new keystore.
  4. Click Import Certificate(s) to import a certificate into the selected keystore, then locate and open the wanted certificate file.
  5. To export an existing certificate (if it can be exported), select it and click Export Certificate.
  6. To delete a certificate from the keystore, select it and click Delete.