Forum Discussion

test_api's avatar
test_api
New Contributor
8 years ago

HTTPS calls between ReadyAPI and a server are not being encrypted.

I don't think that the HTTPS handshake between ReadyAPI and the server is happening correctly.

 

The server has been enabled for TLS encryption.  

 

I added the server certificate, which is in .pks format, to ReadyAPIHome/jre/lib/security/cacerts. 

 

I am able to make HTTPS calls from ReadyAPI to the server.

 

Observing the traffic in Fiddler, however, it looks like responses are NOT encrypted as they are when I make HTTPS calls to other servers. 

 

Also, the HTTPS calls succeed whether or not the server certificate was added to cacerts, This makes me suspect that something is incorrect. 

1 Reply

Sort By
  • MarcusJ's avatar
    MarcusJ
    Moderator
    8 years ago

    Hi,

     

    "Observing the traffic in Fiddler, however, it looks like responses are NOT encrypted as they are when I make HTTPS calls to other servers"

     

    This sounds like an issue on the server side as the server is sending the responses, Ready API will not decide whether to encrypt the response or not as only the request will be encrypted to the server if encryption is used by Ready API.  Do you know what version of TLS is being used and what encryption algorithm is used on the server?

     

    "I added the server certificate, which is in .pks format, to ReadyAPIHome/jre/lib/security/cacerts. "

     

    This will make the JVM "trust" the certificate when connecting to the server it does not mean that it has to be added to cacerts file for requests to be sent successfully from Ready API if you have a valid certificate on your server.

     

     

    Regards,

    Marcus

    SmartBear Support