Identity stores and SSL

An identity store can group a collection of one or more certificates that can be used in HCL OneTest API to validate and authenticate connections that use SSL. After you create an identity store, you can use it to enable SSL communications in various messaging transports.

The underlying component of a HCL OneTest API identity store is a Java KeyStore. You can use an existing keystore that was created by using the JDK tools, or you can create a keystore when you create an identity store.

Once created, the following certificate types can be imported into an HCL OneTest API identity store:

  • Personal Information Exchange (PKCS#12)
  • Personal Information Exchange (PKCS#8)
  • X.509 Certificates

Identity stores can be used to hold trusted certificates that are used to verify that the servers your tests are connected to should be trusted. In this case, you might export certificates from your browser and then import the certificate file into an HCL OneTest API identity store. These certificates can then be used to verify the chain of trust from any certificate that a server sends to the HCL OneTest API client connection. Identity stores can also be used to hold keys (that is, certificates and their private key information), which are needed by tests and stubs to allow other parties (for example, clients) to verify their identity. These keys can be used when tests need to provide client credentials when the server requires SSL mutual authentication. The keys can also be used when stubs need clients to be able to verify their identity (for example, when clients connect to the stubs through SSL, such as when you use HTTPS).

Note: A client's identity store can be created only by using the JDK tool. The identity is created against a keystore that can then be used to identify one end of an SSL connection.

Creating an identity store

Identity stores are created in the Physical View of HCL OneTest API Architecture School perspective. You can create an identity store in one of two ways:

  • Select Identity Store from the General menu in the Physical View component toolbar.
  • Right-click the root of the physical resource tree and select New > General > Identity Store from the menu.

The new identity store is created under the Unconnected Resources in the Physical View.

Configuring an identity store

Follow the steps to configure a new or existing identity store in HCL OneTest API.

  1. Double-click the wanted identity store in the Physical View of Architecture School.

    The Identity Store editor is displayed.

  2. Click Select to locate and open an existing Java keystore (.jks) file. When prompted, enter the keystore password.
  3. To create a keystore with HCL OneTest API, click New and select the location and name of the new keystore.
  4. Click Import Certificate(s) to import a certificate into the selected keystore, then locate and open the wanted certificate file.
  5. To export an existing certificate (if it can be exported), select it and click Export Certificate.
  6. To delete a certificate from the keystore, select it and click Delete.