If your organization uses an SSL proxy that alters all certificates on the internet, including the SSL certificate from your qTest site, to your own certificate that is not trusted by Automation Host embedded Java, the Automation Host will fail to access to qTest Manager and some errors like below will appear in the console or in the logs:
- FetchError: request to https://<your qtest site url>/../ failed, reason: self signed certificate in certificate chain
- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
As a result, you might find some of below symptoms in Automation Host UI:
- Failed to register Automation Host with qTest Manager: after executing `agentctl config` command and then `agentctl start`, access to the Automation Host UI shows the unexpected registration screen instead of the Automation Host home page
- The Add agent button is disabled
- When clicking on Poll Now button, it failed to poll to qTest Manager to load scheduled jobs
The solution is to import the public certificate of your qTest site to Automation Host's embedded Java keystore. Follow these instructions to export the public certificate of your qTest site then import that certificate to Automation Host's embedded Java.
Export Public Certificate of your qTest Site
1. Open Chrome browser. Login to your qTest site. Click on Secure icon in the address bar.
2. From the popup Windows, click on Certificate (Valid) item.
3. From Certificate dialog, click on Details tab.
4. Next, click on Copy to file... button
5. From Certificate Export Wizard dialog, click Next.
6. Make sure the option DER encoded binary X.509 (.CER) is selected. Click Next.
7. Click Browse... button
8. On Save As dialog
- Select a folder location where you want to store the certificate
- Enter the name of the certificate to File name field
- Click Save
9. You will be back to Certificate Export Wizard dialog. Click Next.
10. Click Finish.
Stop the Automation Host
- If Automation Host is running on Command Prompt (Windows) or Terminal (Linux/Mac), press Ctrl + C to stop it.
- If Automation Host has been installed and running as a service:
- Windows: access to Services window, look for the service naming 'qtest automation agent' and Stop it
- Linux/Mac: access to automation host folder in Terminal and execute this command: /path/to/agentctl-<version> $ ./uninstall
Import public certificate of your qTest site to Automation Host's keystore
Access to the host machine where your automation host is located. Navigate to agentctl folder. Run the following command to import the public certificate to Automation Host's embedded Java keystore.
/path/to/agentctl-<version>$ /server-jre/bin/keytool -import -noprompt -trustcacerts -alias <AliasName> -file <path/to/certificate> -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit
- <AliasName> an alias for this certificate
- <certificate> the path to the certificate you exported in previous step
Below command will import the certificate you exported in the steps above to Automation Host's embedded Java keystore.
C:\qtest-automation-host\agentctl-2.1.1> server-jre\bin\keytool -import -noprompt -trustcacerts -alias qtestcert -file "C:\users\tructran\Documents\cert.cer" -keystore server-jre\jre\lib\security\cacerts -storepass changeit
Copy the public certificate to a directory in that host machine, for example: /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit
Copy the public certificate to a directory in that host machine, e.g. /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/Contents/Home/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cer.cer -keystore ./server-jre/Contents/Home/lib/security/cacerts -storepass changeit
Start the Automation Host
After the command is successfully executed, you can start the Automation Host in the console with the below command:
C:\qtest-automation-host\agentctl-2.1.1> agentctl.bat start
Linux or Mac
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./agentctl start
You can also install the automation host as a service following these instructions.