IMPORTANT UPDATE: Starting from version 2.2.1, Automation Host accepts the SSL overwritten by a corporate proxy/firewall. This way, you do not need to export a public SSL certificate and then import to Automation Host's embedded Java as this article is going to walk you through. It means if you're using Automation Host version 2.2.1 or later, you do not need to follow this article as it is no longer an issue.
If your organization uses an SSL proxy that alters all certificates on the internet, including the SSL certificate from your qTest site, to your own certificate that is not trusted by Automation Host embedded Java, the Automation Host will fail to access qTest Manager. the below errors may appear in the console or in the logs:
- FetchError: request to https://<your qtest site url>/../ failed, reason: self signed certificate in certificate chain
- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
As a result, you might find some of below symptoms in Automation Host UI:
- Failed to register Automation Host with qTest Manager: after executing `agentctl config` command and then `agentctl start`, access to the Automation Host UI shows the unexpected registration screen instead of the Automation Host home page
- The Add agent button is disabled
- When clicking on Poll Now button, it fails to poll to qTest Manager to load scheduled jobs
The solution is to import the public certificate of your qTest site to Automation Host's embedded Java keystore. Follow these instructions to export the public certificate of your qTest site and then import that certificate to Automation Host's embedded Java.
Export Public Certificate of your qTest Site
Follow these instructions:
- Open Chrome browser. Login to your qTest site. Select the Secure icon in the address bar.
- From the popup Windows, select Certificate (Valid).
- From Certificate dialog, select the Detailstab.
- Next, select the Copy to file... icon.
- From Certificate Export Wizard dialog, select Next.
- Make sure the option DER encoded binary X.509 (.CER) is selected. Select Next.
- Select the Browse...icon.
- On the Save As dialog:
- Select a folder location where you want to store the certificate
- Enter the name of the certificate in the File name field
- Select Save.
9. You will be back to Certificate Export Wizard dialog. Select Next.
10. Select Finish.
Stop the Automation Host
- If Automation Host is running on Command Prompt (Windows) or Terminal (Linux/Mac), press Ctrl + C to stop it.
- If Automation Host has been installed and running as a service:
- Windows: access to Services window, look for the service naming 'qtest automation agent' and Stop it.
- Linux/Mac: access to automation host folder in Terminal and execute this command: /path/to/agentctl-<version> $ ./uninstall
Import public certificate of your qTest site to Automation Host's keystore
Access the host machine where your Automation Host is located. Navigate to the agentctl folder. Run the following command to import the public certificate to Automation Host's embedded Java keystore:
/path/to/agentctl-<version>$ /server-jre/bin/keytool -import -noprompt -trustcacerts -alias <AliasName> -file <path/to/certificate> -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit
- <AliasName> an alias for this certificate
- <certificate> the path to the certificate you exported in previous step
The below command will import the certificate you exported in the steps above to Automation Host's embedded Java keystore:
C:\qtest-automation-host\agentctl-2.1.1> server-jre\bin\keytool -import -noprompt -trustcacerts -alias qtestcert -file "C:\users\tructran\Documents\cert.cer" -keystore server-jre\jre\lib\security\cacerts -storepass changeit
Copy the public certificate to a directory in that host machine. For example: /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer then execute below command.
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer -keystore ./server-jre/jre/lib/security/cacerts -storepass changeit
Copy the public certificate to a directory in that host machine, e.g. /usr/local/qtest-automation-host/agentctl-2.1.1/cert.cer and then execute below command:
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./server-jre/Contents/Home/bin/keytool -import -noprompt -trustcacerts -alias qtestcert -file /usr/local/qtest-automation-host/agentctl-2.1.1/cer.cer -keystore ./server-jre/Contents/Home/lib/security/cacerts -storepass changeit
Start the Automation Host
After the command is successfully executed, you can start the Automation Host in the console with the below commands:
C:\qtest-automation-host\agentctl-2.1.1> agentctl.bat start
Linux or Mac
/usr/local/qtest-automation-host/agentctl-2.1.1$ ./agentctl start
You can also install the automation host as a service following these instructions: