(Note: SSL configuration is not part of the QMetry installation and is not included under basic QMetry support services. These are only guidelines to help customers set up SSL.)

Step 1: Log in to the Docker container and generate the JKS file

# docker ps                              # get the name of the running container
# docker exec -it qmetry_app_1 bash      # log in to the Docker container
# mkdir -p /opt/ssl
# cd /opt/ssl
# keytool -genkey -alias qmetry -keyalg RSA -keysize 2048 -keystore qtm_test_qmetry.jks

Enter keystore password: <This is the keystore password>
Re-enter new password: <This is the keystore password>
What is your first and last name?
  [Unknown]:  <Enter First Name and Last Name>
What is the name of your organizational unit?
  [Unknown]:  e.g. QMetry
What is the name of your organization?
  [Unknown]:  e.g. QMetry
What is the name of your City or Locality?
  [Unknown]:  e.g. Santa Clara
What is the name of your State or Province?
  [Unknown]:  e.g. California
What is the two-letter country code for this unit?
  [Unknown]:  e.g. US
Is CN=Firstname Lastname, OU=QMetry, O=QMetry, L=Santa Clara, ST=California, C=US correct?
  [no]:  yes

Enter key password for <qmetry>
        (RETURN if same as keystore password):  <Just hit Enter to keep same password as keystore>

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore qtm_test_qmetry.jks -destkeystore qtm_test_qmetry.jks -deststoretype pkcs12".

Step 2: Generate CSR


# keytool -certreq -alias qmetry -file qtm_test_qmetry.csr -keystore qtm_test_qmetry.jks
Enter keystore password: <Enter Keystore Password as per Step 1>

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore qtm_test_qmetry.jks -destkeystore qtm_test_qmetry.jks -deststoretype pkcs12".

Step 3: Send the CSR to your signing certificate authority and get certificates.

Step 4: Import the certificate into the JKS file, replacing the name of the p7b certificate with your own.

# docker cp qtm_test_qmetry.p7b qmetry_app_1:/opt/ssl   # copy qtm_test_qmetry.p7b to the container's /opt/ssl directory
# docker exec -it qmetry_app_1 bash                     # log in to the Docker container
# cd /opt/ssl/
# keytool -import -alias qmetry -file qtm_test_qmetry.p7b -keystore qtm_test_qmetry.jks

Enter keystore password: <Enter Keystore Password as per Step 1>
-------
----
--
... is not trusted. Install reply anyway? [no]:  yes 
Certificate reply was installed in keystore

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore qtm_test_qmetry.jks -destkeystore qtm_test_qmetry.jks -deststoretype pkcs12".

Step 5: Edit server.xml


# vi /home/qmetry/QMetry/conf/server.xml

Step 6: Comment out the Connector tag for port 8443

<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

Step 7: Add a new Connector tag for port 443 in server.xml, replacing keyAlias, keystoreFile and keystorePass with your own values

<!-- keyAlias: alias from Step 1; keystoreFile: path of the QMetry JKS file,
     e.g. /opt/ssl/qtm_test_qmetry.jks; keystorePass: keystore password from Step 1 -->
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false"
           sslProtocol="TLS" keyAlias="qmetry"
           keystoreFile="/opt/ssl/qtm_test_qmetry.jks"
           keystorePass="YOUR_KEYSTORE_PASSWORD" />

Step 8: Change redirect port to 443 for HTTP/1.1 configuration in server.xml and save it.


<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="80" protocol="HTTP/1.1" redirectPort="443" useBodyEncodingForURI="true"/>

Step 9: Edit web.xml


# vi /home/qmetry/QMetry/conf/web.xml

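Step 10: Redirect all HTTP requests to HTTPS (port 443) in web.xml and save it. (Add the code below before the </web-app> tag; the CONFIDENTIAL transport guarantee makes Tomcat redirect plain-HTTP requests to the redirectPort set in Step 8.)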


<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Step 11: Restart the Tomcat services


# exit                                   # exit the Docker container
# docker stop qmetry_app_1
# docker start qmetry_app_1

After following the above steps, QMetry will be accessible at https://domain.qmetry.com/

Step 12: Modify the QMetry settings to HTTPS. Ensure both the QMetry and Reports servers have SSL certificates installed.


Go to Profile >> Edit >> Base URL >> Change to https.
Go to Profile >> Edit >> Report Server URL >> Change to https.

Step 13: Back up the SSL certificate directory to the host's /root directory

# docker cp -a qmetry_app_1:/opt/ssl /root/
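
A check for the edits made in Steps 6 to 10, useful before the restart in Step 11. This is an added example, not part of the original QMetry guide; the function names and the sample server.xml are constructed for illustration, and the script only reads the XML text it is given.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace: '{ns}Connector' -> 'Connector'."""
    return tag.rsplit("}", 1)[-1]

def audit_server_xml(text):
    """Findings for the Connector layout of Steps 6-8 (empty list = OK)."""
    try:
        root = ET.fromstring(text)  # commented-out Connectors are dropped by the parser
    except ET.ParseError as exc:    # e.g. a "<placeholder>" left inside an attribute
        return [f"server.xml is not well-formed: {exc}"]
    by_port = {e.get("port"): e for e in root.iter() if _local(e.tag) == "Connector"}
    findings = []
    if "8443" in by_port:
        findings.append("Connector on 8443 is still active (Step 6)")
    tls = by_port.get("443")
    if tls is None:
        findings.append("no Connector on port 443 (Step 7)")
    else:
        if tls.get("SSLEnabled", "").lower() != "true":
            findings.append("Connector on 443 lacks SSLEnabled=true (Step 7)")
        for attr in ("keyAlias", "keystoreFile", "keystorePass"):
            if not tls.get(attr):
                findings.append(f"Connector on 443 has no {attr} (Step 7)")
    plain = by_port.get("80")
    if plain is not None and plain.get("redirectPort") != "443":
        findings.append("Connector on 80 does not redirect to 443 (Step 8)")
    return findings

def audit_web_xml(text):
    """Findings for the HTTPS-only constraint of Step 10 (empty list = OK)."""
    for sc in ET.fromstring(text).iter():
        texts = {_local(e.tag): (e.text or "").strip() for e in sc.iter()}
        if (_local(sc.tag) == "security-constraint" and texts.get("url-pattern") == "/*"
                and texts.get("transport-guarantee") == "CONFIDENTIAL"):
            return []
    return ["no CONFIDENTIAL constraint on /* (Step 10)"]

# Constructed sample: 8443 left active, no keystorePass, port 80 still redirecting to 8443.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             keyAlias="qmetry" keystoreFile="/opt/ssl/qtm_test_qmetry.jks"/>
  <Connector port="80" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""

if __name__ == "__main__":
    print("\n".join(audit_server_xml(SAMPLE_SERVER_XML)))
```

To audit a real installation, pass the contents of /home/qmetry/QMetry/conf/server.xml and /home/qmetry/QMetry/conf/web.xml to the two functions.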

...