If your organization uses an SSL proxy that alters all certificates on the internet, including the SSL certificate from your qTest site, to your own certificate that is not trusted by Automation Host embedded Java, the Automation Host will fail to access to qTest Manager and some errors like below will appear in the console or in the logs:
- FetchError: request to https://<your qtest site url>/../ failed, reason: self signed certificate in certificate chain
- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The solution is to import the public certificate of your qTest site to Automation Host's embedded Java keystore. Follow these instructions to export the public certificate of your qTest site then import that certificate to Automation Host's embedded Java.
Export Public Certificate of your qTest Site
1. Open Chrome browser. Login to your qTest site. Click on Secure icon in the address bar.
2. From the popup Windows, click on Certificate (Valid) item.
3. From Certificate dialog, click on Details tab.
4. Next, click on Copy to file... button
5. From Certificate Export Wizard dialog, click Next.
6. Make sure the option DER encoded binary X.509 (.CER) is selected. Click Next.
7. Click Browse... button
8. On Save As dialog
- Select a folder location where you want to store the certificate
- Enter the name of the certificate to File name field
- Click Save
9. You will be back to Certificate Export Wizard dialog. Click Next.
10. Click Finish.
Import public certificate of your qTest site to Automation Host's keystore
Access to the host machine where your automation host is located.
If the automation host is running in the console (Terminal on Linux or MacOS or Command Prompt on Windows), stop it by pressing Ctrl + C.
Still in the console, navigate to agentctl folder. Run the following command to import the public certificate to Automation Host's embedded Java keystore.
/path/to/agentctl-<version>$ /server-jre/bin/keytool -import -noprompt -trustcacerts -alias <AliasName> -file <certificate> -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit
- <AliasName> an alias for this certificate
- <certificate> the path to the certificate you exported in previous step
Below command will import the certificate you exported in the steps above to Automation Host's embedded Java keystore.
C:\qtest-automation-host\agentctl-2.1.1> server-jre\bin\keytool -import -noprompt -trustcacerts -alias qtestcert -file "C:\users\tructran\Documents\cert.cer" -keystore server-jre\jre\lib\security\cacerts -storepass changeit
Copy the public certificate to a directory in that host machine, for example: /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit
Copy the public certificate to a directory in that host machine, e.g. /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/Contents/Home/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cer.cer -keystore ./server-jre/Contents/Home/lib/security/cacerts -storepass changeit
After the command is successfully executed, you can start the Automation Host in the console or install it as a service following these instructions.