Printer FriendlyEmail Article Link

Avalanche: How to setup a HTTPS/SSL test with certificate authentication on the Avalanche Commander? CA certificate, client and server certificates provided

Environment/Versions
  • Avalanche HTTPS / SSL
  • Certificates
Answer
  • The example explains how to setup a HTTPS between an Avalanche client and Avalanche server and setup the SSL certificate on client and server configuration windows.
  • The default subnets and IP addresses are used for both client and server.  If you need help with the configurations, please refer the HTTP test in how_to_test_different_protocols.pdf on FAQ10317
  • Setup
    1. In the Server Profile, select HTTPS and port 443 is automatically selected.
    2. In the Server Associations window, select the profile setup for HTTPS.  Next define the server IP address in the IPv4 Address Range field. It can also be a single IP address that will be the server IP address i.e. 192.168.1.1.
    3. In the Client Actions window, define the action for HTTPS for example 1 get https://192.168.1.1
    4. In the Client Associations window, select the action profile for HTTPS.
    5. The configuration for a HTTPS test is complete. You may run the test at this point (the test will run with SSL handshake without certificates exchange however).  
    6. To add certificates authentication go to Enable Certificate Authentication below.  
  • Enable Certificate Authentication - steps to enable both client and server authentication checking.   
    1. To add SSL certification authentication, go to Server Profile, click Edit SSL Configuration.
    2. Add your Certifying Authority Certificates and Certificate Revocation Lists, leave blank if none. The CA certificate will appear on the server's client's CA configuration.  If the SSL authentication is between the Avalanche server and the Avalanche client, be sure to select the same CA for both.  A CA certificate is provided in a zip file attached to the article.
    3. Add a server SSL certificate if required for your test.
    4. In the Client Authentication Level pull-down menu indicates if you want to require certificate checking.
      • No Certificate Checking - No Certificate Checking: Disables certificate verification.
      • Valid Certificate Optional - Valid Certificate Optional: If a certificate is specified, then it needs to be valid. It is acceptable not to specify a certificate.
      • Valid Certificate Mandatory - The certificate specified must be valid. It must be signed by a valid CA, and not expired or revoked, for the transaction to continue.
    5. Select Valid Certificate Mandatory - A server certificate is provided in a zip file attached. 
      • NOTE - The certificate file does not have a password. However when inserting the server certificate file on Avalanche, you need to enter a temporary SSL password in order to add file. If you are using your own certificate that has a password, enter a valid password.
    6. Go to Client Profile, select SSL.
    7. Add your Certifying Authority Certificates and Certificate Revocation Lists. Leave the Certificate Revocation field blank if not needed.   
    8. Add the User SSL Certificate; A client certificate is provided in a zip file attached
      • NOTE - The file does not have a password. However when inserting the file in the Avalanche SSL window, you need to enter a temporary SSL password in order to add the certificate; If you are using your own certificate that has a password, enter a valid password.
    9. For Server Authentication indicates if you want to require certificate checking.  Select Valid Certificate Mandatory for client to validate the server.
    10. Done.
Attachments
Attachment

Product : L4-7,Avalanche,SSL