Menu

SSL Proxy Configuration in Automation Host

If your organization uses an SSL proxy that alters all certificates on the internet, including the SSL certificate from your qTest site, to your own certificate that is not trusted by Automation Host embedded Java, the Automation Host will fail to access to qTest Manager and some errors like below will appear in the console or in the logs:

  • FetchError: request to https://<your qtest site url>/../ failed, reason: self signed certificate in certificate chain
  • javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The solution is to import the public certificate of your qTest site to Automation Host's embedded Java keystore. Follow these instructions to export the public certificate of your qTest site then import that certificate to Automation Host's embedded Java.

Export Public Certificate of your qTest Site

1. Open Chrome browser. Login to your qTest site. Click on Secure icon in the address bar.

ssl-cert-01.png

2. From the popup Windows, click on Certificate (Valid) item.

ssl-cert-02.png

3. From Certificate dialog, click on Details tab.

ssl-cert-03.png

4. Next, click on Copy to file... button

ssl-cert-04.png

5. From Certificate Export Wizard dialog, click Next.

ssl-cert-05.png

6. Make sure the option DER encoded binary X.509 (.CER) is selected. Click Next.

ssl-cert-06.png

7. Click Browse... button

ssl-cert-07.png

8. On Save As dialog

  • Select a folder location where you want to store the certificate
  • Enter the name of the certificate to File name field
  • Click Save

ssl-cert-08.png

9. You will be back to Certificate Export Wizard dialog. Click Next.

ssl-cert-09.png

10. Click Finish.

ssl-cert-10.png

Import public certificate of your qTest site to Automation Host's keystore

Access to the host machine where your automation host is located. 

If the automation host is running in the console (Terminal on Linux or MacOS or Command Prompt on Windows), stop it by pressing Ctrl + C.

Still in the console, navigate to agentctl folder. Run the following command to import the public certificate to Automation Host's embedded Java keystore.

/path/to/agentctl-<version>$ /server-jre/bin/keytool -import -noprompt -trustcacerts -alias <AliasName> -file <path/to/certificate> -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit

  • <AliasName> an alias for this certificate
  • <certificate> the path to the certificate you exported in previous step

EXAMPLE

Windows

Below command will import the certificate you exported in the steps above to Automation Host's embedded Java keystore.

C:\qtest-automation-host\agentctl-2.1.1> server-jre\bin\keytool -import -noprompt -trustcacerts -alias qtestcert -file "C:\users\tructran\Documents\cert.cer" -keystore server-jre\jre\lib\security\cacerts -storepass changeit

Linux

Copy the public certificate to a directory in that host machine, for example: /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.

/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit

Mac

Copy the public certificate to a directory in that host machine, e.g. /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.

/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/Contents/Home/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cer.cer -keystore ./server-jre/Contents/Home/lib/security/cacerts -storepass changeit 

After the command is successfully executed, you can start the Automation Host in the console or install it as a service following these instructions.

 

 

Powered by Zendesk