TC410-001
| Test case ID | TC403-001 |
| Author | Honar Abdi |
| Date | 18.3.2024 |
| Class | Security |
Test Description/Objective
The objective of this test case is to verify the successful implementation of HTTPS connection for the web application in accordance with Use Case UC10 (FEA410).
Links to Requirements or Other Sources
Test Pre-State
- The web application is deployed and accessible.
- The platform engineer has administrative access to the web server and network configuration tools.
- A valid domain name is pointed to the server's IP address.
Test Steps
| # | Action | Expected Result |
|---|---|---|
| 1 | Generate a CSR (Certificate Signing Request) | The CSR should be generated successfully. |
| 2 | Submit the CSR to the Certificate Authority (CA) | The CA should provide an SSL/TLS certificate. |
| 3 | Install the SSL/TLS certificate on the web server | The certificate installation should be successful. |
| 4 | Configure HTTPS redirection on the web server | HTTPS redirection should be configured correctly. |
| 5 | Apply firewall rules on the network | Firewall rules should be applied without errors. |
| 6 | Configure secure protocols (SSH, SFTP) on the network | Secure protocols should be configured properly. |
| 7 | Access the web application via HTTPS | The web application should be accessible over HTTPS. |
| 8 | Verify the SSL/TLS certificate validity | The certificate should be valid and not expired. |
To Be Taken into Account During Test
- Ensure that the CSR is generated using the appropriate cryptographic standards.
- Verify the SSL/TLS certificate provided by the CA for authenticity.
- Test HTTPS access from different browsers and devices.
- Check for any mixed content issues after enabling HTTPS.
PASS/FAIL Criteria
- PASS: HTTPS connection is successfully established, and the web application is accessible over HTTPS without errors. The SSL/TLS certificate is valid and properly configured.
- FAIL: HTTPS connection fails to establish, HTTPS redirection or SSL/TLS certificate installation/configurations are incorrect, or the certificate is expired or invalid.