Menu

SSL Proxy Configuration in Automation Host

If your organization uses an SSL proxy that alters all certificates on the internet, including the SSL certificate from your qTest site, to your own certificate that is not trusted by Automation Host embedded Java, the Automation Host will fail to access to qTest Manager and some errors like below will appear in the console or in the logs:

  • FetchError: request to https://<your qtest site url>/../ failed, reason: self signed certificate in certificate chain
  • javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

As a result, you might find some of below symptoms in Automation Host UI:

  • Failed to register Automation Host with qTest Manager: after executing `agentctl config` command and then `agentctl start`, access to the Automation Host UI shows the unexpected registration screen instead of the Automation Host home page
  • The Add agent button is disabled
  • When clicking on Poll Now button, it failed to poll to qTest Manager to load scheduled jobs

The solution is to import the public certificate of your qTest site to Automation Host's embedded Java keystore. Follow these instructions to export the public certificate of your qTest site then import that certificate to Automation Host's embedded Java.

Export Public Certificate of your qTest Site

1. Open Chrome browser. Login to your qTest site. Click on Secure icon in the address bar.

ssl-cert-01.png

2. From the popup Windows, click on Certificate (Valid) item.

ssl-cert-02.png

3. From Certificate dialog, click on Details tab.

ssl-cert-03.png

4. Next, click on Copy to file... button

ssl-cert-04.png

5. From Certificate Export Wizard dialog, click Next.

ssl-cert-05.png

6. Make sure the option DER encoded binary X.509 (.CER) is selected. Click Next.

ssl-cert-06.png

7. Click Browse... button

ssl-cert-07.png

8. On Save As dialog

  • Select a folder location where you want to store the certificate
  • Enter the name of the certificate to File name field
  • Click Save

ssl-cert-08.png

9. You will be back to Certificate Export Wizard dialog. Click Next.

ssl-cert-09.png

10. Click Finish.

ssl-cert-10.png

Stop the Automation Host

  • If Automation Host is running on Command Prompt (Windows) or Terminal (Linux/Mac), press Ctrl + C to stop it.
  • If Automation Host has been installed and running as a service:
    • Windows: access to Services window, look for the service naming 'qtest automation agent' and Stop it
    • Linux/Mac: access to automation host folder in Terminal and execute this command: /path/to/agentctl-<version> $ ./uninstall

Import public certificate of your qTest site to Automation Host's keystore

Access to the host machine where your automation host is located. Navigate to agentctl folder. Run the following command to import the public certificate to Automation Host's embedded Java keystore.

/path/to/agentctl-<version>$ /server-jre/bin/keytool -import -noprompt -trustcacerts -alias <AliasName> -file <path/to/certificate> -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit

  • <AliasName> an alias for this certificate
  • <certificate> the path to the certificate you exported in previous step

EXAMPLE

Windows

Below command will import the certificate you exported in the steps above to Automation Host's embedded Java keystore.

C:\qtest-automation-host\agentctl-2.1.1> server-jre\bin\keytool -import -noprompt -trustcacerts -alias qtestcert -file "C:\users\tructran\Documents\cert.cer" -keystore server-jre\jre\lib\security\cacerts -storepass changeit

Linux

Copy the public certificate to a directory in that host machine, for example: /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.

/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit

Mac

Copy the public certificate to a directory in that host machine, e.g. /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.

/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/Contents/Home/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cer.cer -keystore ./server-jre/Contents/Home/lib/security/cacerts -storepass changeit 

Start the Automation Host

After the command is successfully executed, you can start the Automation Host in the console with the below command:

Windows

C:\qtest-automation-host\agentctl-2.1.1> agentctl.bat start

Linux or Mac

/usr/local/qtest-automation-host/agentctl-2.1.1$ ./agentctl start

You can also install the automation host as a service following these instructions.

 

 

Powered by Zendesk