Attempts to log-in to the Secured web application while recording in IBM Rational Performance Tester (RPT) may led to the message - 'This Connection is Untrusted'.
The message is seen because, RPT acts as a proxy between the browser and the server application to record the data exchange. When a Secured page is recorded using RPT, the RPT proxy certificate is presented to the browser leading to the above message.
Creating and installing a digital certificate will help you get rid of the above message during RPT recording.
Digital certificate overview
The digital certificates feature enables you to run tests against servers that use Secure Sockets Layer (SSL) for applications that require client-side digital certificates to authenticate users.
A digital certificate is a file that binds a public cryptographic key with an identity (a user or an organization). Trusted certificate authorities issue digital certificates, which are then used to authenticate users and organizations for access to websites, email servers, and other secure systems. A certificate store is an archive file that contains almost any number of digital certificates, possibly certificates that are issued from different certificate authorities.
Creating a Digital certificate store
A digital certificate store can be created using the 'keytool' utility.
You will find the keytool utility file in the RPT_HOME\jdk\jre\bin directory. By default, it is located under C:\Program Files\IBM\SDP\jdk\jre\bin
Navigate to the below directory through the command prompt -
Type the following command and press enter
keytool.exe -genkeypair -alias my_certificate -keystore my_keystore.pfx -storepass my_password -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12
my_certificate is an alias for your certificate in the key store. You may never use it, but every new certificate in your key store must have its own alias.
my_keystore.pfx is the key store file, which will be generated as the result of the process. It will hold your certificate and a corresponding private key. You will be able to reuse this key store for next certificates you maybe will generate. One key store can contain many certificates.
my_password is the password, that protects your key store file. You will have to enter it every time you want to sign a document.
validity is the number of days your certificate will be valid. You may enter more than 365.
RSA is an algorithm used to generate the cryptographic keys, corresponding to your certificate.
2048 is the length of the cryptographic keys. The more the length the stronger the signature.
pkcs12 is the format of the key store file. PKCS#12 (a.k.a PFX) key stores can be understood by a lot of different programs and you can also import a PKCS#12 file in your Windows key store (just double click it and follow the instructions).
For additional information about parameters by certificate generation please see the official keytool documentation.
The certificate generation process will prompt you to enter some information about you. This information will be saved in the certificate. At the end you will have to confirm the entered information.
Once the information is confirmed, you will be prompted to enter the password. Enter the password given in the above command -
At the end you will find the new key store file my_keystore.pfx in your current directory.
Importing a Digital certificate into RPT
Import the certificate into the RPT project before recording.
Open the project in question -
Click on 'File' > 'Import' > 'General' > 'File system'. Import the required certificates into the project in RPT.
Imported certificates can now be used during RPT recording and playback -
Once you have the certificates in place, you may start recording a test with digital certificates. The below IBM info center link has details on recording a test with digital certificates:
IBM info center link with details on Playing back a test with Digital certificates: