During one of our recent implementations of HP Quality Center, one representative from the client kept asking me, "Ahmad! Why are you not implementing SSL? We have very secure data and you are exposing it."
Definitely I had to look at it, as refusing clients is not part of our company policy.
After working at it for a couple of days, I came up with the following solution (got a little help from the HP Support Community).
Step 1: Install HP Quality Center with JBoss Application Server
Step 2: In command prompt navigate to Java Bin Directory (JRE – Install it if not present).
Default Directory can be <installation drive>\Program Files\HP\<Either of Quality Center or Application Life Cycle Management>\Java\JRE\bin\
Step 3: Run the following commands (in place of <server name> write the actual server name)
- set SERVER_DN="CN=<server name>, OU=X, O=Y, L=Z, S=XY, C=YZ"
- set CLIENT_DN="CN=Client, OU=X, O=Y, L=Z, S=XY, C=YZ"
- set KSDEFAULTS=-storepass changeit
- set KEYINFO=-keyalg RSA
- keytool -genkey -alias tomcat -dname %SERVER_DN% %KSDEFAULTS% -keystore server.keystore %KEYINFO% -keypass changeit
- keytool -export -alias tomcat -file temp_server.cer %KSDEFAULTS% -keystore server.keystore
- keytool -import -v -trustcacerts -alias tomcat -file temp_server.cer %KSDEFAULTS% -keystore client.keystore.trust -keypass changeit
Step 4: Take a copy of the CACERTS file present in <installation drive>\Program Files\HP\<Either of Quality Center or Application Life Cycle Management>\Java\JRE\lib\security and place it somewhere safe
Step 5: Copy the file created by Step 3 Part 7 (CLIENT.KEYSTORE.TRUST) to the <installation drive>\Program Files\HP\<Either of Quality Center or Application Life Cycle Management>\Java\JRE\lib\security folder and rename it CACERTS
Step 6: Copy the file created by Step 3 Part 6 (SERVER.KEYSTORE) to an accessible location like C:\CAs\server.keystore
Step 7: Back up "server.xml" present in <installation drive>\Program Files\HP\<Either of Quality Center or Application Life Cycle Management>\jboss\jboss.zip\server\default\deploy\jbossweb.sar
Step 8: Edit "server.xml": uncomment the SSL connector and edit the keystoreFile and keystorePass options:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="C:\CAs\server.keystore"
    keystorePass="changeit" sslProtocol="TLS" />
Comment out the HTTP connector in the server.xml file.
Step 9: Save the server.xml file, and restart JBoss and QC (e.g., via the Windows Services)
Step 10: Connect to QC using port 8443. For example: https://<server name>:8443/qcbin
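
To check the result of Step 8 before restarting JBoss, the following added example (not part of the original post or of HP's tooling) audits the active connectors in server.xml: it reports a missing SSL connector, a plain HTTP connector that was not commented out, and a keystorePass left at "changeit". The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Step 8 applied, but the HTTP connector was left enabled.
SAMPLE_SERVER_XML = r"""<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}"
               protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8443" address="${jboss.bind.address}" maxThreads="100"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="C:\CAs\server.keystore" keystorePass="changeit"
               sslProtocol="TLS" />
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return a list of findings for the active <Connector> elements."""
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls = [c for c in connectors
           if c.get("secure") == "true" and c.get("scheme") == "https"]
    if not tls:
        findings.append("no active SSL/TLS connector")
    for c in connectors:
        port = c.get("port", "?")
        if c in tls:
            if not c.get("keystoreFile"):
                findings.append(f"port {port}: keystoreFile not set")
            # An absent keystorePass falls back to the same default value.
            if c.get("keystorePass") in (None, "", "changeit"):
                findings.append(f"port {port}: keystorePass missing or default")
        elif c.get("protocol", "HTTP/1.1").upper().startswith("HTTP"):
            findings.append(f"port {port}: plain HTTP connector still enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Run it against the edited file by passing its contents to audit_connectors(); an empty list means the HTTP connector is disabled and the SSL connector uses a non-default keystore password.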