SSL Certificates Configuration for QMetry Application Tomcat Server in Docker
(Note: SSL configuration is not part of QMetry installation and is not included under basic QMetry support services. These are just guidelines for customers to achieve the SSL setup.)
Step 1: Log in to the Docker container and generate the JKS file
# docker ps                            (To get the name of running container)
# docker exec -it qmetry_app_1 bash    (Login to docker container)
# mkdir -p /opt/ssl
# cd /opt/ssl
# keytool -genkey -alias qmetry -keyalg RSA -keysize 2048 -keystore qtm_test_qmetry.jks
Enter keystore password: <This is the keystore password>
Re-enter new password: <This is the keystore password>
What is your first and last name?
  [Unknown]: <Enter First Name and Last Name>
What is the name of your organizational unit?
  [Unknown]: e.g QMetry
What is the name of your organization?
  [Unknown]: e.g QMetry
What is the name of your City or Locality?
  [Unknown]: e.g Santa Clara
What is the name of your State or Province?
  [Unknown]: e.g San Francisco
What is the two-letter country code for this unit?
  [Unknown]: e.g SF
Is CN=Firstname Lastname, OU=QMetry, O=QMetry, L=Santa Clara, ST=San Francisco, C=SF correct?
  [no]: yes
Enter key password for <tomcat>
  (RETURN if same as keystore password): <Just hit Enter to keep same password as keystore>
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore qtm_test_qmetry.jks -destkeystore qtm_test_qmetry.jks -deststoretype pkcs12".
Step 2: Generate CSR
# keytool -certreq -alias qmetry -file qtm_test_qmetry.csr -keystore qtm_test_qmetry.jks
Enter keystore password: <Enter Keystore Password as per Step 1>
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore qtm_test_qmetry.jks -destkeystore qtm_test_qmetry.jks -deststoretype pkcs12".
Step 3: Send the CSR to your signing certificate authority and get certificates.
Step 4: Import the certificate into the JKS file, replacing the p7b file name below with the name of your certificate.
# docker cp qtm_test_qmetry.p7b qmetry_app_1:/opt/ssl    (Copy qtm_test_qmetry.p7b to Docker's /opt/ssl directory)
# docker exec -it qmetry_app_1 bash                      (Login to docker container)
# cd /opt/ssl/
# keytool -import -alias qmetry -file qtm_test_qmetry.p7b -keystore qtm_test_qmetry.jks
Enter keystore password: <Enter Keystore Password as per Step 1>
------- ---- --
... is not trusted. Install reply anyway? [no]: yes
Certificate reply was installed in keystore
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore qtm_test_qmetry.jks -destkeystore qtm_test_qmetry.jks -deststoretype pkcs12".
Step 5: Edit server.xml
# vi /home/qmetry/QMetry/conf/server.xml
Step 6: Comment out the Connector tag for port 8443
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Step 7: Add a new Connector tag for port 443 to server.xml, replacing keyAlias, keystoreFile and keystorePass with your own values
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="100" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="<Add alias as per step 1>"
           keystoreFile="<Add path of qmetry jks file>"
           keystorePass="<Add keystore password as per step 1>" />
(e.g. keystoreFile="/opt/ssl/qtm_test_qmetry.jks")
Step 8: Change redirect port to 443 for HTTP/1.1 configuration in server.xml and save it.
<Connector acceptCount="100" connectionTimeout="20000"
           disableUploadTimeout="true" enableLookups="false"
           maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
           port="80" protocol="HTTP/1.1" redirectPort="443"
           useBodyEncodingForURI="true"/>
Step 9: Edit web.xml
# vi /home/qmetry/QMetry/conf/web.xml
Step 10: Redirect HTTP requests to HTTPS (port 443) by adding the security constraint below to web.xml, then save it. (Add the code below before the </web-app> tag.)
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Step 11: Restart the Tomcat services
# exit                        (exit the docker container)
# docker stop qmetry_app_1
# docker start qmetry_app_1
After following the above steps, QMetry will be accessible via https://domain.qmetry.com/
Step 12: Modify the QMetry settings to HTTPS. Ensure both the QMetry and Reports servers have SSL certificates installed.
Go to Profile >> Edit >> Base URL >> Change to https.
Go to Profile >> Edit >> Report Server URL >> Change to https.
Step 13: Take a backup of the SSL certificates to the /root directory
# docker cp -a qmetry_app_1:/opt/ssl /root/
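A consistency check for the server.xml and web.xml edits in Steps 6 to 10, useful before the restart in Step 11. This is an added example, not QMetry's own tooling; the function name check_tls_config, the sample file contents and the password value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _texts(node, name):
    # web.xml usually declares a default namespace, so compare local names only.
    return [(e.text or "").strip() for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_tls_config(server_xml, web_xml, https_port="443"):
    """Return findings for Steps 6-10; an empty list means they are consistent."""
    try:
        server, web = ET.fromstring(server_xml), ET.fromstring(web_xml)
    except ET.ParseError as exc:
        # Typical cause: a "<Add ...>" placeholder left inside an attribute value.
        return [f"not well-formed XML: {exc}"]
    findings, tls_ports = [], set()
    for conn in server.iter("Connector"):  # commented-out connectors are not parsed
        port = conn.get("port")
        if conn.get("SSLEnabled", "false").lower() == "true":
            tls_ports.add(port)
            for attr in ("keyAlias", "keystoreFile", "keystorePass"):
                if not conn.get(attr):
                    findings.append(f"TLS connector {port}: missing {attr}")
        elif not conn.get("protocol", "").startswith("AJP"):
            if conn.get("redirectPort") != https_port:
                findings.append(f"HTTP connector {port}: redirectPort is not {https_port}")
    if https_port not in tls_ports:
        findings.append(f"no TLS connector on port {https_port}")
    if not any("/*" in _texts(sc, "url-pattern")
               and "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
               for sc in web.iter() if sc.tag.rsplit("}", 1)[-1] == "security-constraint"):
        findings.append("web.xml: no CONFIDENTIAL constraint covering /*")
    return findings

# Constructed sample files mirroring Steps 6-10 (the password value is made up).
SERVER_XML = """<Server><Service name="Catalina">
  <!-- <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" /> -->
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS" keyAlias="qmetry"
             keystoreFile="/opt/ssl/qtm_test_qmetry.jks" keystorePass="example-only" />
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    print(check_tls_config(SERVER_XML, WEB_XML) or "Steps 6-10 look consistent")
```

To check the real files, pass the contents of /home/qmetry/QMetry/conf/server.xml and /home/qmetry/QMetry/conf/web.xml instead of the samples.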